Azure Private Endpoint private DNS zone values

Article
11/05/2024

It's important to correctly configure your DNS settings to resolve the private endpoint IP address to the fully qualified domain name (FQDN) of the connection string.

Existing Microsoft Azure services might already have a DNS configuration for a public endpoint. This configuration must be overridden to connect using your private endpoint.

The network interface associated with the private endpoint contains the information to configure your DNS. The network interface information includes FQDN and private IP addresses for your private link resource.

You can use the following options to configure your DNS settings for private endpoints:

Use the host file (only recommended for testing). You can use the host file on a virtual machine to override the DNS.
Use a private DNS zone. You can use Private DNS Zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.
Use Azure Private Resolver (optional). You can use Azure Private Resolver to override the DNS resolution for a private link resource. For more information about Azure Private Resolver, see What is Azure Private Resolver?.

Caution

It's not recommended to override a zone that's actively in use to resolve public endpoints. Connections to resources won't be able to resolve correctly without DNS forwarding to the public DNS. To avoid issues, create a different domain name or follow the suggested name for each service listed later in this article.
Existing Private DNS Zones linked to a single Azure service should not be associated with two different Azure service Private Endpoints. This will cause a deletion of the initial A-record and result in resolution issue when attempting to access that service from each respective Private Endpoint. Create a DNS zone for each Private Endpoint of like services. Don't place records for multiple services in the same DNS zone.

Azure services DNS zone configuration

Azure creates a canonical name DNS record (CNAME) on the public DNS. The CNAME record redirects the resolution to the private domain name. You can override the resolution with the private IP address of your private endpoints.

Connection URLs for your existing applications don't change. Client DNS requests to a public DNS server resolve to your private endpoints. The process doesn't affect your existing applications.

Important

Azure File Shares must be remounted if connected to the public endpoint.

Caution

Private networks using a Private DNS Zone for any given resource type (for example, privatelink.blob.core.windows.net/Storage Account) can only resolve DNS Queries to public resources/Public IPs if those public resources don't have any existing Private Endpoint Connections. If this applies, an additional DNS configuration is required on the Private DNS Zone to complete the DNS resolution sequence. Otherwise, the Private DNS Zone will respond to the DNS query with a NXDOMAIN as no matching DNS record would be found in the Private DNS Zone.

Fallback to Internet for Private DNS Zone Virtual Network Links can be implemented for proper DNS Resolution for the Public IP of the public resource. This allows DNS queries that reach Private DNS Zones to be forwarded to Azure DNS for public resolution.

Alternatively, a manually entered A-record in the Private DNS Zone that contains the Public IP of the public resource would allow for proper DNS resolution. This procedure isn't recommended as the Public IP of the A record in the Private DNS Zone won't be automatically updated if the corresponding public IP address changes for the public resource.

Private endpoint private DNS zone configurations will only automatically generate if you use the recommended naming scheme in the following tables.

For Azure services, use the recommended zone names as described in the following tables:

Commercial

AI + Machine Learning

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Machine Learning (Microsoft.MachineLearningServices/workspaces)	amlworkspace	privatelink.api.azureml.ms privatelink.notebooks.azure.net	api.azureml.ms notebooks.azure.net instances.azureml.ms aznbcontent.net inference.ml.azure.com
Azure AI services (Microsoft.CognitiveServices/accounts)	account	privatelink.cognitiveservices.azure.com privatelink.openai.azure.com privatelink.services.ai.azure.com	cognitiveservices.azure.com openai.azure.com services.ai.azure.com
Azure Bot Service (Microsoft.BotService/botServices)	Bot	privatelink.directline.botframework.com	directline.botframework.com
Azure Bot Service (Microsoft.BotService/botServices)	Token	privatelink.token.botframework.com	token.botframework.com

Analytics

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Synapse Analytics (Microsoft.Synapse/workspaces)	Sql	privatelink.sql.azuresynapse.net	sql.azuresynapse.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces)	SqlOnDemand	privatelink.sql.azuresynapse.net	sql.azuresynapse.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces)	Dev	privatelink.dev.azuresynapse.net	dev.azuresynapse.net
Azure Synapse Studio (Microsoft.Synapse/privateLinkHubs)	Web	privatelink.azuresynapse.net	azuresynapse.net
Azure Event Hubs (Microsoft.EventHub/namespaces)	namespace	privatelink.servicebus.windows.net	servicebus.windows.net
Azure Service Bus (Microsoft.ServiceBus/namespaces)	namespace	privatelink.servicebus.windows.net	servicebus.windows.net
Azure Data Factory (Microsoft.DataFactory/factories)	dataFactory	privatelink.datafactory.azure.net	datafactory.azure.net
Azure Data Factory (Microsoft.DataFactory/factories)	portal	privatelink.adf.azure.com	adf.azure.com
Azure HDInsight (Microsoft.HDInsight/clusters)	gateway headnode	privatelink.azurehdinsight.net	azurehdinsight.net
Azure Data Explorer (Microsoft.Kusto/Clusters)	cluster	privatelink.{regionName}.kusto.windows.net privatelink.blob.core.windows.net privatelink.queue.core.windows.net privatelink.table.core.windows.net	{regionName}.kusto.windows.net blob.core.windows.net queue.core.windows.net table.core.windows.net
Microsoft Power BI (Microsoft.PowerBI/privateLinkServicesForPowerBI)	tenant	privatelink.analysis.windows.net privatelink.pbidedicated.windows.net privatelink.tip1.powerquery.microsoft.com	analysis.windows.net pbidedicated.windows.net tip1.powerquery.microsoft.com
Azure Databricks (Microsoft.Databricks/workspaces)	databricks_ui_api browser_authentication	privatelink.azuredatabricks.net	azuredatabricks.net

Compute

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Batch (Microsoft.Batch/batchAccounts)	batchAccount	privatelink.batch.azure.com	{regionName}.batch.azure.com
Azure Batch (Microsoft.Batch/batchAccounts)	nodeManagement	privatelink.batch.azure.com	{regionName}.service.batch.azure.com
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces)	global	privatelink-global.wvd.microsoft.com	wvd.microsoft.com
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces)	feed	privatelink.wvd.microsoft.com	wvd.microsoft.com
Azure Virtual Desktop (Microsoft.DesktopVirtualization/hostpools)	connection	privatelink.wvd.microsoft.com	wvd.microsoft.com

Containers

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Kubernetes Service - Kubernetes API (Microsoft.ContainerService/managedClusters)	management	privatelink.{regionName}.azmk8s.io {subzone}.privatelink.{regionName}.azmk8s.io	{regionName}.azmk8s.io
Azure Container Apps (Microsoft.App/ManagedEnvironments)	managedEnvironments	privatelink.{regionName}.azurecontainerapps.io	azurecontainerapps.io
Azure Container Registry (Microsoft.ContainerRegistry/registries)	registry	privatelink.azurecr.io {regionName}.data.privatelink.azurecr.io	azurecr.io {regionName}.data.azurecr.io

Databases

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure SQL Database (Microsoft.Sql/servers)	sqlServer	privatelink.database.windows.net	database.windows.net
Azure SQL Managed Instance (Microsoft.Sql/managedInstances)	managedInstance	privatelink.{dnsPrefix}.database.windows.net	{instanceName}.{dnsPrefix}.database.windows.net
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Sql	privatelink.documents.azure.com	documents.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	MongoDB	privatelink.mongo.cosmos.azure.com	mongo.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Cassandra	privatelink.cassandra.cosmos.azure.com	cassandra.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Gremlin	privatelink.gremlin.cosmos.azure.com	gremlin.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Table	privatelink.table.cosmos.azure.com	table.cosmos.azure.com
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Analytical	privatelink.analytics.cosmos.azure.com	analytics.cosmos.azure.com
Azure Cosmos DB (Microsoft.DBforPostgreSQL/serverGroupsv2)	coordinator	privatelink.postgres.cosmos.azure.com	postgres.cosmos.azure.com
Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers)	postgresqlServer	privatelink.postgres.database.azure.com	postgres.database.azure.com
Azure Database for PostgreSQL - Flexible server (Microsoft.DBforPostgreSQL/flexibleServers)	postgresqlServer	privatelink.postgres.database.azure.com	postgres.database.azure.com
Azure Database for MySQL - Single Server (Microsoft.DBforMySQL/servers)	mysqlServer	privatelink.mysql.database.azure.com	mysql.database.azure.com
Azure Database for MySQL - Flexible Server (Microsoft.DBforMySQL/flexibleServers)	mysqlServer	privatelink.mysql.database.azure.com	mysql.database.azure.com
Azure Database for MariaDB (Microsoft.DBforMariaDB/servers)	mariadbServer	privatelink.mariadb.database.azure.com	mariadb.database.azure.com
Azure Cache for Redis (Microsoft.Cache/Redis)	redisCache	privatelink.redis.cache.windows.net	redis.cache.windows.net
Azure Cache for Redis Enterprise (Microsoft.Cache/RedisEnterprise)	redisEnterprise	privatelink.redisenterprise.cache.azure.net	redisenterprise.cache.azure.net
Azure Managed Redis (Microsoft.Cache/RedisEnterprise)	redisEnterprise	privatelink.redis.azure.net	{instanceName}.{region}.redis.azure.net

Hybrid + multicloud

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Arc (Microsoft.HybridCompute/privateLinkScopes)	hybridcompute	privatelink.his.arc.azure.com privatelink.guestconfiguration.azure.com privatelink.dp.kubernetesconfiguration.azure.com	his.arc.azure.com guestconfiguration.azure.com dp.kubernetesconfiguration.azure.com

Integration

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Service Bus (Microsoft.ServiceBus/namespaces)	namespace	privatelink.servicebus.windows.net	servicebus.windows.net
Azure Event Grid (Microsoft.EventGrid/topics)	topic	privatelink.eventgrid.azure.net	eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/domains)	domain	privatelink.eventgrid.azure.net	eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/namespaces)	topic	privatelink.eventgrid.azure.net	eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/namespaces/topicSpace)	topicSpace	privatelink.ts.eventgrid.azure.net	eventgrid.azure.net
Azure Event Grid (Microsoft.EventGrid/partnerNamespaces)	partnernamespace	privatelink.eventgrid.azure.net	eventgrid.azure.net
Azure API Management (Microsoft.ApiManagement/service)	Gateway	privatelink.azure-api.net	azure-api.net
Azure Health Data Services (Microsoft.HealthcareApis/workspaces)	healthcareworkspace	privatelink.workspace.azurehealthcareapis.com privatelink.fhir.azurehealthcareapis.com privatelink.dicom.azurehealthcareapis.com	workspace.azurehealthcareapis.com fhir.azurehealthcareapis.com dicom.azurehealthcareapis.com

Internet of Things (IoT)

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure IoT Hub (Microsoft.Devices/IotHubs)	iotHub	privatelink.azure-devices.net privatelink.servicebus.windows.net¹	azure-devices.net servicebus.windows.net
Azure IoT Hub Device Provisioning Service (Microsoft.Devices/ProvisioningServices)	iotDps	privatelink.azure-devices-provisioning.net	azure-devices-provisioning.net
Device Update for IoT Hubs (Microsoft.DeviceUpdate/accounts)	DeviceUpdate	privatelink.api.adu.microsoft.com	api.adu.microsoft.com
Azure IoT Central (Microsoft.IoTCentral/IoTApps)	iotApp	privatelink.azureiotcentral.com	azureiotcentral.com
Azure Digital Twins (Microsoft.DigitalTwins/digitalTwinsInstances)	API	privatelink.digitaltwins.azure.net	digitaltwins.azure.net

Media

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Media Services (Microsoft.Media/mediaservices)	keydelivery liveevent streamingendpoint	privatelink.media.azure.net	media.azure.net

Management and Governance

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Automation (Microsoft.Automation/automationAccounts)	Webhook DSCAndHybridWorker	privatelink.azure-automation.net	{regionCode}.azure-automation.net
Azure Backup (Microsoft.RecoveryServices/vaults)	AzureBackup	privatelink.{regionCode}.backup.windowsazure.com	{regionCode}.backup.windowsazure.com
Azure Site Recovery (Microsoft.RecoveryServices/vaults)	AzureSiteRecovery	privatelink.siterecovery.windowsazure.com	{regionCode}.siterecovery.windowsazure.com
Azure Monitor (Microsoft.Insights/privateLinkScopes)	azuremonitor	privatelink.monitor.azure.com privatelink.oms.opinsights.azure.com privatelink.ods.opinsights.azure.com privatelink.agentsvc.azure-automation.net privatelink.blob.core.windows.net	monitor.azure.com oms.opinsights.azure.com ods.opinsights.azure.com agentsvc.azure-automation.net blob.core.windows.net services.visualstudio.com applicationinsights.azure.com
Microsoft Purview (Microsoft.Purview/accounts)	account	privatelink.purview.azure.com	purview.azure.com
Microsoft Purview (Microsoft.Purview/accounts)	portal	privatelink.purviewstudio.azure.com	purviewstudio.azure.com
Microsoft Purview (Microsoft.Purview/accounts)	platform	privatelink.purview-service.microsoft.com	purview-service.microsoft.com
Azure Migrate (Microsoft.Migrate/migrateProjects)	Default	privatelink.prod.migration.windowsazure.com	prod.migration.windowsazure.com
Azure Migrate (Microsoft.Migrate/assessmentProjects)	Default	privatelink.prod.migration.windowsazure.com	prod.migration.windowsazure.com
Azure Resource Manager (Microsoft.Authorization/resourceManagementPrivateLinks)	ResourceManagement	privatelink.azure.com	azure.com
Azure Managed Grafana (Microsoft.Dashboard/grafana)	grafana	privatelink.grafana.azure.com	grafana.azure.com

Security

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Key Vault (Microsoft.KeyVault/vaults)	vault	privatelink.vaultcore.azure.net	vault.azure.net vaultcore.azure.net
Azure Key Vault (Microsoft.KeyVault/managedHSMs)	managedhsm	privatelink.managedhsm.azure.net	managedhsm.azure.net
Azure App Configuration (Microsoft.AppConfiguration/configurationStores)	configurationStores	privatelink.azconfig.io	azconfig.io
Azure Attestation (Microsoft.Attestation/attestationProviders)	standard	privatelink.attest.azure.net	attest.azure.net

Storage

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Storage account (Microsoft.Storage/storageAccounts)	blob blob_secondary	privatelink.blob.core.windows.net	blob.core.windows.net
Storage account (Microsoft.Storage/storageAccounts)	table table_secondary	privatelink.table.core.windows.net	table.core.windows.net
Storage account (Microsoft.Storage/storageAccounts)	queue queue_secondary	privatelink.queue.core.windows.net	queue.core.windows.net
Storage account (Microsoft.Storage/storageAccounts)	file	privatelink.file.core.windows.net	file.core.windows.net
Storage account (Microsoft.Storage/storageAccounts)	web web_secondary	privatelink.web.core.windows.net	web.core.windows.net
Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts)	dfs dfs_secondary	privatelink.dfs.core.windows.net	dfs.core.windows.net
Azure File Sync (Microsoft.StorageSync/storageSyncServices)	afs	privatelink.afs.azure.net	afs.azure.net
Azure Managed Disks (Microsoft.Compute/diskAccesses)	disks	privatelink.blob.core.windows.net	blob.core.windows.net

Web

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Search (Microsoft.Search/searchServices)	searchService	privatelink.search.windows.net	search.windows.net
Azure Relay (Microsoft.Relay/namespaces)	namespace	privatelink.servicebus.windows.net	servicebus.windows.net
Azure Web Apps - Azure Function Apps (Microsoft.Web/sites)	sites	privatelink.azurewebsites.net scm.privatelink.azurewebsites.net²	azurewebsites.net scm.azurewebsites.net
SignalR (Microsoft.SignalRService/SignalR)	signalr	privatelink.service.signalr.net	service.signalr.net
Azure Static Web Apps (Microsoft.Web/staticSites)	staticSites	privatelink.azurestaticapps.net privatelink.{partitionId}.azurestaticapps.net	azurestaticapps.net {partitionId}.azurestaticapps.net
Azure Event Hubs (Microsoft.EventHub/namespaces)	namespace	privatelink.servicebus.windows.net	servicebus.windows.net
Azure Web PubSub service (Microsoft.SignalRService/WebPubSub)	webpubsub	privatelink.webpubsub.azure.com	webpubsub.azure.com

¹To use with IoT Hub's built-in Event Hub compatible endpoint. To learn more, see private link support for IoT Hub's built-in endpoint

²In scenarios where the Kudu console or Kudu REST API is used, you must create two DNS records pointing to the private endpoint IP in your Azure DNS private zone or custom DNS server. The first record is for your app, and the second record is for the SCM (Source Control Management) of your app.

Note

In the above text, {regionCode} refers to the region code (for example, eus for East US and ne for North Europe). Refer to the following lists for regions codes:

{regionName} refers to the full region name (for example, eastus for East US and northeurope for North Europe). To retrieve a current list of Azure regions and their names and display names, use az account list-locations -o table.

Government

AI + Machine Learning

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure AI services (Microsoft.CognitiveServices/accounts)	account	privatelink.cognitiveservices.azure.us	cognitiveservices.azure.us
Azure Machine Learning (Microsoft.MachineLearningServices/workspaces)	amlworkspace	privatelink.api.ml.azure.us privatelink.notebooks.usgovcloudapi.net	api.ml.azure.us notebooks.usgovcloudapi.net instances.azureml.us aznbcontent.net inference.ml.azure.us

Analytics

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Event Hubs (Microsoft.EventHub/namespaces)	namespace	privatelink.servicebus.usgovcloudapi.net	servicebus.usgovcloudapi.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces)	Sql	privatelink.sql.azuresynapse.usgovcloudapi.net	sql.azuresynapse.usgovcloudapi.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces)	SqlOnDemand	privatelink.sql.azuresynapse.usgovcloudapi.net	{workspaceName}-ondemand.sql.azuresynapse.usgovcloudapi.net
Azure Synapse Analytics (Microsoft.Synapse/workspaces)	Dev	privatelink.dev.azuresynapse.usgovcloudapi.net	dev.azuresynapse.usgovcloudapi.net
Azure Synapse Studio (Microsoft.Synapse/privateLinkHubs)	Web	privatelink.azuresynapse.usgovcloudapi.net	azuresynapse.usgovcloudapi.net
Azure Data Factory (Microsoft.DataFactory/factories)	dataFactory	privatelink.datafactory.azure.us	datafactory.azure.us
Azure Data Factory (Microsoft.DataFactory/factories)	portal	privatelink.adf.azure.us	adf.azure.us
Azure HDInsight (Microsoft.HDInsight)	gateway headnode	privatelink.azurehdinsight.us	azurehdinsight.us
Azure Databricks (Microsoft.Databricks/workspaces)	databricks_ui_api browser_authentication	privatelink.databricks.azure.us	databricks.azure.us

Compute

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Batch (Microsoft.Batch/batchAccounts)	batchAccount	privatelink.batch.usgovcloudapi.net	{regionName}.batch.usgovcloudapi.net
Azure Batch (Microsoft.Batch/batchAccounts)	nodeManagement	privatelink.batch.usgovcloudapi.net	{regionName}.service.batch.usgovcloudapi.net
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces)	global	privatelink-global.wvd.azure.us	wvd.azure.us
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces Microsoft.DesktopVirtualization/hostpools)	feed connection	privatelink.wvd.azure.us	wvd.azure.us

Containers

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Container Registry (Microsoft.ContainerRegistry/registries)	registry	privatelink.azurecr.us {regionName}.privatelink.azurecr.us	azurecr.us {regionName}.azurecr.us

Databases

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure SQL Database (Microsoft.Sql/servers)	sqlServer	privatelink.database.usgovcloudapi.net	database.usgovcloudapi.net
Azure SQL Managed Instance (Microsoft.Sql/managedInstances)	managedInstance	privatelink.{dnsPrefix}.database.usgovcloudapi.net	{instanceName}.{dnsPrefix}.database.usgovcloudapi.net
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Sql	privatelink.documents.azure.us	documents.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	MongoDB	privatelink.mongo.cosmos.azure.us	mongo.cosmos.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Cassandra	privatelink.cassandra.cosmos.azure.us	cassandra.cosmos.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Gremlin	privatelink.gremlin.cosmos.azure.us	gremlin.cosmos.azure.us
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Table	privatelink.table.cosmos.azure.us	table.cosmos.azure.us
Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers)	postgresqlServer	privatelink.postgres.database.usgovcloudapi.net	postgres.database.usgovcloudapi.net
Azure Database for PostgreSQL - Flexible server (Microsoft.DBforPostgreSQL/flexibleServers)	postgresqlServer	privatelink.postgres.database.usgovcloudapi.net	postgres.database.usgovcloudapi.net
Azure Database for MySQL - Single Server (Microsoft.DBforMySQL/servers)	mysqlServer	privatelink.mysql.database.usgovcloudapi.net	mysql.database.usgovcloudapi.net
Azure Database for MySQL - Flexible Server (Microsoft.DBforMySQL/flexibleServers)	mysqlServer	privatelink.mysql.database.usgovcloudapi.net	mysql.database.usgovcloudapi.net
Azure Database for MariaDB (Microsoft.DBforMariaDB/servers)	mariadbServer	privatelink.mariadb.database.usgovcloudapi.net	mariadb.database.usgovcloudapi.net
Azure Cache for Redis (Microsoft.Cache/Redis)	redisCache	privatelink.redis.cache.usgovcloudapi.net	redis.cache.usgovcloudapi.net

Hybrid + multicloud

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders

Integration

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Service Bus (Microsoft.ServiceBus/namespaces)	namespace	privatelink.servicebus.usgovcloudapi.net	servicebus.usgovcloudapi.net
Azure Event Grid (Microsoft.EventGrid/topics)	topic	privatelink.eventgrid.azure.us	eventgrid.azure.us
Azure Event Grid (Microsoft.EventGrid/domains)	domain	privatelink.eventgrid.azure.us	eventgrid.azure.us
Azure Health Data Services (Microsoft.HealthcareApis/workspaces)	healthcareworkspace	privatelink.workspace.azurehealthcareapis.us privatelink.fhir.azurehealthcareapis.us privatelink.dicom.azurehealthcareapis.us	workspace.azurehealthcareapis.us fhir.azurehealthcareapis.us dicom.azurehealthcareapis.us

Internet of Things (IoT)

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure IoT Hub (Microsoft.Devices/IotHubs)	iotHub	privatelink.azure-devices.us privatelink.servicebus.windows.us¹	azure-devices.us servicebus.usgovcloudapi.net
Azure IoT Hub Device Provisioning Service (Microsoft.Devices/ProvisioningServices)	iotDps	privatelink.azure-devices-provisioning.us	azure-devices-provisioning.us

Media

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders

Management and Governance

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Automation / (Microsoft.Automation/automationAccounts)	Webhook DSCAndHybridWorker	privatelink.azure-automation.us	azure-automation.us
Azure Backup (Microsoft.RecoveryServices/vaults)	AzureBackup	privatelink.{regionCode}.backup.windowsazure.us	{regionCode}.backup.windowsazure.us
Azure Site Recovery (Microsoft.RecoveryServices/vaults)	AzureSiteRecovery	privatelink.siterecovery.windowsazure.us	{regionCode}.siterecovery.windowsazure.us
Azure Monitor (Microsoft.Insights/privateLinkScopes)	azuremonitor	privatelink.monitor.azure.us privatelink.adx.monitor.azure.us privatelink.oms.opinsights.azure.us privatelink.ods.opinsights.azure.us privatelink.agentsvc.azure-automation.us privatelink.blob.core.usgovcloudapi.net	monitor.azure.us adx.monitor.azure.us oms.opinsights.azure.us ods.opinsights.azure.us agentsvc.azure-automation.us blob.core.usgovcloudapi.net
Microsoft Purview (Microsoft.Purview)	account	privatelink.purview.azure.us	purview.azure.us
Microsoft Purview (Microsoft.Purview)	portal	privatelink.purviewstudio.azure.us	purview.azure.com purviewstudio.azure.us

Security

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Key Vault (Microsoft.KeyVault/vaults)	vault	privatelink.vaultcore.usgovcloudapi.net	vault.usgovcloudapi.net vaultcore.usgovcloudapi.net
Azure App Configuration (Microsoft.AppConfiguration/configurationStores)	configurationStores	privatelink.azconfig.azure.us	azconfig.azure.us

Storage

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Storage account (Microsoft.Storage/storageAccounts)	blob blob_secondary	privatelink.blob.core.usgovcloudapi.net	blob.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts)	table table_secondary	privatelink.table.core.usgovcloudapi.net	table.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts)	queue queue_secondary	privatelink.queue.core.usgovcloudapi.net	queue.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts)	file file_secondary	privatelink.file.core.usgovcloudapi.net	file.core.usgovcloudapi.net
Storage account (Microsoft.Storage/storageAccounts)	web web_secondary	privatelink.web.core.usgovcloudapi.net	web.core.usgovcloudapi.net
Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts)	dfs dfs_secondary	privatelink.dfs.core.usgovcloudapi.net	dfs.core.usgovcloudapi.net

Web

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Search (Microsoft.Search/searchServices)	searchService	privatelink.search.azure.us	search.azure.us
Azure Relay (Microsoft.Relay/namespaces)	namespace	privatelink.servicebus.usgovcloudapi.net	servicebus.usgovcloudapi.net
Azure Web Apps (Microsoft.Web/sites)	sites	privatelink.azurewebsites.us scm.privatelink.azurewebsites.us²	azurewebsites.us scm.azurewebsites.us
Azure Event Hubs (Microsoft.EventHub/namespaces)	namespace	privatelink.servicebus.usgovcloudapi.net	servicebus.usgovcloudapi.net

Note

In the above text, {regionCode} refers to the region code (for example, eus for East US and ne for North Europe). Refer to the following lists for regions codes:

China

AI + Machine Learning

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Machine Learning (Microsoft.MachineLearningServices/workspaces)	amlworkspace	privatelink.api.ml.azure.cn privatelink.notebooks.chinacloudapi.cn	api.ml.azure.cn notebooks.chinacloudapi.cn instances.azureml.cn aznbcontent.net inference.ml.azure.cn

Analytics

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Data Factory (Microsoft.DataFactory/factories)	dataFactory	privatelink.datafactory.azure.cn	datafactory.azure.cn
Azure Data Factory (Microsoft.DataFactory/factories)	portal	privatelink.adf.azure.cn	adf.azure.cn
Azure HDInsight (Microsoft.HDInsight)	gateway headnode	privatelink.azurehdinsight.cn	azurehdinsight.cn
Azure Data Explorer (Microsoft.Kusto/Clusters)	cluster	privatelink.{regionName}.kusto.windows.cn	{regionName}.kusto.windows.cn

Compute

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Batch (Microsoft.Batch/batchAccounts)	batchAccount	privatelink.batch.chinacloudapi.cn	{region}.batch.chinacloudapi.cn
Azure Batch (Microsoft.Batch/batchAccounts)	nodeManagement	privatelink.batch.chinacloudapi.cn	{region}.service.batch.chinacloudapi.cn
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces)	global	privatelink-global.wvd.azure.cn	wvd.azure.cn
Azure Virtual Desktop (Microsoft.DesktopVirtualization/workspaces and Microsoft.DesktopVirtualization/hostpools)	feed connection	privatelink.wvd.azure.cn	wvd.azure.cn

Containers

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders

Databases

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure SQL Database (Microsoft.Sql/servers)	sqlServer	privatelink.database.chinacloudapi.cn	database.chinacloudapi.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Sql	privatelink.documents.azure.cn	documents.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	MongoDB	privatelink.mongo.cosmos.azure.cn	mongo.cosmos.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Cassandra	privatelink.cassandra.cosmos.azure.cn	cassandra.cosmos.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Gremlin	privatelink.gremlin.cosmos.azure.cn	gremlin.cosmos.azure.cn
Azure Cosmos DB (Microsoft.DocumentDB/databaseAccounts)	Table	privatelink.table.cosmos.azure.cn	table.cosmos.azure.cn
Azure Database for PostgreSQL - Single server (Microsoft.DBforPostgreSQL/servers)	postgresqlServer	privatelink.postgres.database.chinacloudapi.cn	postgres.database.chinacloudapi.cn
Azure Database for PostgreSQL - Flexible server (Microsoft.DBforPostgreSQL/flexibleServers)	postgresqlServer	privatelink.postgres.database.chinacloudapi.cn	postgres.database.chinacloudapi.cn
Azure Database for MySQL - Single Server (Microsoft.DBforMySQL/servers)	mysqlServer	privatelink.mysql.database.chinacloudapi.cn	mysql.database.chinacloudapi.cn
Azure Database for MySQL - Flexible Server (Microsoft.DBforMySQL/flexibleServers)	mysqlServer	privatelink.mysql.database.chinacloudapi.cn	mysql.database.chinacloudapi.cn
Azure Database for MariaDB (Microsoft.DBforMariaDB/servers)	mariadbServer	privatelink.mariadb.database.chinacloudapi.cn	mariadb.database.chinacloudapi.cn
Azure Cache for Redis (Microsoft.Cache/Redis)	redisCache	privatelink.redis.cache.chinacloudapi.cn	redis.cache.chinacloudapi.cn

Hybrid + multicloud

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders

Integration

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Service Bus (Microsoft.ServiceBus/namespaces)	namespace	privatelink.servicebus.chinacloudapi.cn	servicebus.chinacloudapi.cn

Internet of Things (IoT)

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure IoT Hub (Microsoft.Devices/IotHubs)	iotHub	privatelink.azure-devices.cn privatelink.servicebus.chinacloudapi.cn ¹	azure-devices.cn servicebus.chinacloudapi.cn
Azure IoT Hub Device Provisioning Service (Microsoft.Devices/ProvisioningServices)	iotDps	privatelink.azure-devices-provisioning.cn	azure-devices-provisioning.cn

Media

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders

Management and Governance

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Automation / (Microsoft.Automation/automationAccounts)	Webhook DSCAndHybridWorker	privatelink.azure-automation.cn	azure-automation.cn

Security

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Key Vault (Microsoft.KeyVault/vaults)	vault	privatelink.vaultcore.azure.cn	vaultcore.azure.cn

Storage

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Storage account (Microsoft.Storage/storageAccounts)	blob blob_secondary	privatelink.blob.core.chinacloudapi.cn	blob.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts)	table table_secondary	privatelink.table.core.chinacloudapi.cn	table.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts)	queue queue_secondary	privatelink.queue.core.chinacloudapi.cn	queue.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts)	file file_secondary	privatelink.file.core.chinacloudapi.cn	file.core.chinacloudapi.cn
Storage account (Microsoft.Storage/storageAccounts)	web web_secondary	privatelink.web.core.chinacloudapi.cn	web.core.chinacloudapi.cn
Azure Data Lake File System Gen2 (Microsoft.Storage/storageAccounts)	dfs dfs_secondary	privatelink.dfs.core.chinacloudapi.cn	dfs.core.chinacloudapi.cn
Azure File Sync (Microsoft.StorageSync/storageSyncServices)	afs	privatelink.afs.azure.cn	afs.azure.cn

Web

Private link resource type	Subresource	Private DNS zone name	Public DNS zone forwarders
Azure Event Hubs (Microsoft.EventHub/namespaces)	namespace	privatelink.servicebus.chinacloudapi.cn	servicebus.chinacloudapi.cn
Azure Relay (Microsoft.Relay/namespaces)	namespace	privatelink.servicebus.chinacloudapi.cn	servicebus.chinacloudapi.cn
Azure Web Apps (Microsoft.Web/sites)	sites	privatelink.chinacloudsites.cn	chinacloudsites.cn
SignalR (Microsoft.SignalRService/SignalR)	signalR	privatelink.signalr.azure.cn	service.signalr.azure.cn

¹To use with IoT Hub's built-in Event Hub compatible endpoint. To learn more, see private link support for IoT Hub's built-in endpoint

Next step

To learn more about DNS integration and scenarios for Azure Private Link, continue to the following article:

Azure Private Endpoint DNS

Share via

Azure Private Endpoint private DNS zone values

Azure services DNS zone configuration

Commercial

AI + Machine Learning

Analytics

Compute

Containers

Databases

Hybrid + multicloud

Integration

Internet of Things (IoT)

Media

Management and Governance

Security

Storage

Web

Government

AI + Machine Learning

Analytics

Compute

Containers

Databases

Hybrid + multicloud

Integration

Internet of Things (IoT)

Media

Management and Governance

Security

Storage

Web

China

AI + Machine Learning

Analytics

Compute

Containers

Databases

Hybrid + multicloud

Integration

Internet of Things (IoT)

Media

Management and Governance

Security

Storage

Web

Next step

Feedback

Additional resources