Can’t resolve external DNS record for domain in Azure Private DNS Zone

Having an issue that I can’t quite work out, wondered if some fine person here had any experience!

I’m running a web based .NET application on an Azure VM (Windows Server 2019) on an FQDN, let’s say app.clientdomain.com. I don’t control the public DNS for this domain as the client owns the domain (they have a CNAME record in place that points app.clientdomain.com at the FQDN of the Azure Application Gateway that sits in front of the VM).

The application requires a local DNS loopback for certain things to work correctly, and I’ve used an Azure Private DNS zone with clientdomain.com as the main domain, and an A record for app.clientdomain.com pointed to the Private IP address of the VM. This works quite nicely for the local DNS loopback.

I now also need to be able to access an FTP server on the same domain, say ftp.clientdomain.com. The particular sFTP server in question is external to my Azure subscription and not controlled by me.

However, the issue I have is that DNS resolves fine for ftp.clientdomain.com in the outside world, but won’t resolve from within the VNet (nslookup reports ‘Non-existent domain’).

I ideally don’t want to put an A record for ftp.clientdomain.com in my private zone, as the IP address may be changed by the client without notice, which would break my application’s ability to reach the sFTP server.

Am I unreasonable to expect that if a matching DNS record is not found in the private zone that it should reach outside to public DNS? Am I doing something wrong, or is something broken?

Thanks in advance for any input!
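A diagnostic that reproduces the symptom described above, added here as an editor’s example and not part of the original question. It compares how each name resolves through the Azure-provided resolver the VM normally uses (168.63.129.16) and through a public resolver, then lists the private zone’s record sets and VNet links. It assumes the Az.PrivateDns module is installed and signed in; the resource group name is a placeholder.

```powershell
# Editor's diagnostic example (not from the original post). Assumes the VM sits
# in a VNet linked to the private zone and uses the Azure-provided resolver.
$ResourceGroup = '<resource-group>'          # placeholder, not from the post
$ZoneName      = 'clientdomain.com'
$Names         = 'app.clientdomain.com', 'ftp.clientdomain.com'

# 1. Resolve each name against the Azure-provided resolver and a public one.
#    A name that answers publicly but comes back NXDOMAIN from 168.63.129.16
#    is being answered authoritatively by the linked private zone; the query
#    is not forwarded on to public DNS for that zone.
foreach ($n in $Names) {
    foreach ($server in '168.63.129.16', '8.8.8.8') {
        try {
            $r = Resolve-DnsName -Name $n -Type A -Server $server -DnsOnly -ErrorAction Stop
            $addrs = ($r | Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress) -join ', '
            '{0,-25} via {1,-14} -> {2}' -f $n, $server, $addrs
        } catch {
            '{0,-25} via {1,-14} -> {2}' -f $n, $server, $_.Exception.Message
        }
    }
}

# 2. Show what the private zone actually contains and which VNets are linked
#    to it, so the scope of the authoritative answers above is visible.
Get-AzPrivateDnsRecordSet -ResourceGroupName $ResourceGroup -ZoneName $ZoneName |
    Select-Object Name, RecordType, Ttl

Get-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $ResourceGroup -ZoneName $ZoneName |
    Select-Object Name, VirtualNetworkId, RegistrationEnabled, ProvisioningState
```

Run it on the VM itself so the first query goes through the same resolver path the application uses; if the VNet is configured with custom DNS servers instead of 168.63.129.16, substitute that server address in the loop.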