hows traffic manager does dns based routing and hides ip of our load balancer as well

No, Azure Traffic Manager cannot directly access an application hosted in a private subnet.

Azure Traffic Manager is a DNS-based traffic routing service that operates at the DNS level. It directs incoming traffic to various endpoints based on configured routing methods, such as geographic proximity, performance, or priority. However, Traffic Manager itself does not have the capability to directly access resources within a private subnet because it operates at the DNS resolution level and does not perform network-level routing.

To route traffic to an application hosted in a private subnet, you typically need to use other Azure networking services or components such as Azure Application Gateway, Azure Load Balancer, or a reverse proxy deployed in a public subnet. These components act as intermediaries between Traffic Manager and the application servers in the private subnet, forwarding traffic from Traffic Manager to the backend servers securely.

Here's a common setup to route traffic from Traffic Manager to an application in a private subnet:

1. Deploy a reverse proxy, Azure Application Gateway, or Azure Load Balancer with a public IP address in a public subnet.

2. Configure the reverse proxy or load balancer to forward incoming traffic to the application servers in the private subnet using their private IP addresses.

3. Configure Traffic Manager with endpoints that point to the public IP address of the reverse proxy or load balancer.

4. When users access the application, their DNS queries are routed to Traffic Manager, which directs them to the appropriate endpoint (reverse proxy or load balancer). The reverse proxy or load balancer then forwards the requests to the application servers in the private subnet.

By using this architecture, you can keep the application servers in the private subnet hidden from external users while still providing access to the application through Traffic Manager.