-- Microsoft Azure Storage Explorer || Private Endpoints on ADLS Gen2 --

I just understood and solved my issue, was all about DNS resolution, adding below some explanation.

The need:

End users need to connect to PaaS services from home through VPN or from On-Premises private networks through their https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview#dns-configuration IPs.

Overview of the solution:

Forward DNS request to a DNS VM proxy located on Azure.

The DNS VM proxy is in a vnet that has a link with your Azure private DNS zones hosting the https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview#dns-configuration.

Detail of the solution:

1. Create the Azure https://docs.microsoft.com/en-us/azure/dns/private-dns-overview “privatelink.blob.core.windows.net” with the DNS A record “mystoragename.privatelink.blob.core.windows.net” that returns the IP of my Storage Account private endpoint’s IP.
2. Use a VM DNS proxy, this VM’s vNet is linked to the upper mentioned Azure private dns zone. This DNS VM forwards DNS request to Azure DNS IP https://docs.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16.
• Here, a solution could be to use https://azure.microsoft.com/en-us/services/active-directory-ds/ as the DNS proxy, it’s natively configured to forward dns request to 168.63.129.16.
3. Use a DNS conditional forwarder on the On-Premises DNS servers to forward dns requests for the DNS zone “mystoragename.blob.core.windows.net” to the DNS proxy on Azure (in my context, to the 2 private Ips of my Azure AD DS service).

Feature request:

A feature request has been published https://feedback.azure.com/forums/34192--general-feedback/suggestions/39697135-simplify-private-endpoint-dns-resolution-from-on-p to simplify Private Endpoint DNS resolution from On-Premises.