Hi FreddyAyala,
Yes, I think you have misunderstood my remark as I was not questioning or debating the use of Private Endpoints to provide network security when accessing the OpenAI service.
As per https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration,
"Azure creates a canonical name DNS record (CNAME) on the public DNS. The CNAME record redirects the resolution to the private domain name. You can override the resolution with the private IP address of your private endpoints.
Your applications don't need to change the connection URL. When resolving to a public DNS service, the DNS server will resolve to your private endpoints. The process doesn't affect your existing applications."
My comment about "best practice" was to suggest that you should not include ".privatelink." in the hostname of the service, regardless of whether that service has a Private Endpoint or not, as Azure DNS takes care of that for you. You obviously need to be able to resolve the Private Endpoint DNS from your private network using the usual options (Domain Controllers with conditional forwarders, DNS Private Resolver, etc.). I hope this clarifies my comment and now makes sense?
Regards,
Phil
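
The resolution behaviour described in the reply above, as an added example that is not part of the original post: a small simulation of the public CNAME chain and a private DNS zone, plus a check that drops a "privatelink" label from a configured hostname. The resource name `contoso-ai`, the name `public-frontend.example.net` and both IP addresses are constructed for illustration.

```python
# Constructed sample records; names and addresses are illustrative only.
PUBLIC_DNS = {
    "contoso-ai.openai.azure.com": ("CNAME", "contoso-ai.privatelink.openai.azure.com"),
    "contoso-ai.privatelink.openai.azure.com": ("CNAME", "public-frontend.example.net"),
    "public-frontend.example.net": ("A", "203.0.113.10"),
}
# Private DNS zone visible only from the private network; it overrides the
# privatelink name with the private endpoint's address.
PRIVATE_ZONE = {
    "contoso-ai.privatelink.openai.azure.com": ("A", "10.0.0.5"),
}


def resolve(name, private_view, max_hops=8):
    """Follow CNAMEs; in the private view the private zone wins over public DNS."""
    chain = [name]
    for _ in range(max_hops):
        record = (PRIVATE_ZONE.get(name) if private_view else None) or PUBLIC_DNS.get(name)
        if record is None:
            raise LookupError(f"NXDOMAIN: {name}")
        rtype, value = record
        if rtype == "A":
            return chain, value
        name = value
        chain.append(name)
    raise LookupError("CNAME chain too long")


def lint_hostname(host):
    """Return (hostname to configure, changed?) with any 'privatelink' label dropped."""
    labels = host.lower().rstrip(".").split(".")
    cleaned = [label for label in labels if label != "privatelink"]
    return ".".join(cleaned), len(cleaned) != len(labels)


if __name__ == "__main__":
    host = "contoso-ai.openai.azure.com"
    # Same connection URL, different answer depending on where it is resolved.
    print("private network:", resolve(host, private_view=True))
    print("public internet:", resolve(host, private_view=False))
    print("lint:", lint_hostname("contoso-ai.privatelink.openai.azure.com"))
```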