How to define private dns zoneid referencing to another subscription / resource group in bicep template?

Asko Kauppinen 46 Reputation points
2025-02-17T08:54:24.6866667+00:00

I have a problem defining a private DNS zone group resource in my Bicep module. Deployment fails with an error indicating that the resource ID for the private DNS zone, which exists in a different subscription / resource group than the current deployment scope, is invalid.

What could be the problem? My bicep template / module is shown below:

param privateEndpointResourceName  string
param privateDnsZoneName           string
param privateDnsZoneSubscriptionId string
param privateDnsZoneResourceGroup  string
param privateDnsZoneGroupName      string


resource pe 'Microsoft.Network/privateEndpoints@2023-04-01' existing = {
  name:  privateEndpointResourceName
}

resource privateDnsZone 'Microsoft.Network/privateDnsZones@2024-06-01' existing = {
  name: privateDnsZoneName
  scope: resourceGroup(privateDnsZoneSubscriptionId, privateDnsZoneResourceGroup)
}


resource privateEndpointResourceDnsZoneRecord 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
  parent: pe
  name: privateDnsZoneGroupName
  properties: {
    privateDnsZoneConfigs: [
      {
        name: privateDnsZoneGroupName
        properties: {
          privateDnsZoneId: privateDnsZone.id
        }
      }
    ]
  }
}

Accepted answer
  1. Vallepu Venkateswarlu 475 Reputation points Microsoft Vendor
    2025-02-19T06:46:01.5766667+00:00

    Hi @Asko Kauppinen,

    Since you've already found the fix for your requirement, I'm posting the solution for the community's benefit.

    The issue you are facing is due to a typo caused by Bicep's string interpolation behavior.

    privateDnsZoneName: 'privatelink.${environment().suffixes.sqlServerHostname}'
    

    To resolve the issue, remove the dot (.) inside the interpolation brackets. Bicep interprets it as property access rather than a string. Instead, access sqlServerHostname within suffixes using the environment() function. For more details, refer to Deployment functions for Bicep.

    privateDnsZoneName: 'privatelink${environment().suffixes.sqlServerHostname}'
    

    Here is the updated code with the correct format for privateDnsZoneName:

        module sub_pe_dns_record './networking/module_privatednszone_record.bicep' = if (deployPepSql) {
          name: 'deployPeZoneDnsRecord'
          params: {
            privateDnsZoneName: 'privatelink${environment().suffixes.sqlServerHostname}'
            privateEndpointResourceName:  sub_pe_azure_sql.outputs.privateEndpointName
            privateDnsZoneSubscriptionId: networkingSubsId
            privateDnsZoneResourceGroup:  networkingRG
            privateDnsZoneGroupName:      'default'
            privateDnsZoneGroupConfigName: 'privatelink_database_windows_net'
          }
        }


    Reference: Scope to subscription in bicep

    I really appreciate your feedback. It’s valuable to us. Please click Accept Answer on this post to assist other community members facing similar issues in finding the correct solution.

    1 person found this answer helpful.
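
An added example, not part of the question or the accepted answer: a pre-deployment check in Python that flags the malformed zone name discussed above before the resource ID is sent to Azure. It assumes `environment().suffixes.sqlServerHostname` is `.database.windows.net` (the Azure public cloud value); the function names, subscription ID and resource group are constructed for illustration, and the label pattern is a conservative assumption rather than Azure's exact naming rule.

```python
import re

# Expected shape of a private DNS zone resource ID (matched case-insensitively).
ZONE_ID = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Network/privateDnsZones/(?P<zone>[^/]+)$",
    re.IGNORECASE,
)
# Assumption: 1-63 characters of letters, digits, '-' or '_', not starting or ending with '-'.
LABEL = re.compile(r"^[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?$", re.IGNORECASE)

def zone_name_problems(zone):
    """Return a list of problems with a DNS zone name (empty list means none found)."""
    labels = zone.split(".")
    problems = []
    for i, label in enumerate(labels):
        if label == "":
            problems.append(f"empty label at position {i} (leading, trailing or doubled dot)")
        elif not LABEL.match(label):
            problems.append(f"invalid label {label!r}")
    if len(labels) < 2:
        problems.append("zone name needs at least two labels")
    return problems

def check_zone_id(resource_id):
    """Validate the ID structure first, then the zone name it carries."""
    m = ZONE_ID.match(resource_id)
    if not m:
        return ["not a privateDnsZones resource ID"]
    return zone_name_problems(m.group("zone"))

def build_zone_name(prefix, suffix):
    """Join with exactly one dot, whether or not the suffix already starts with one."""
    return f"{prefix.rstrip('.')}.{suffix.lstrip('.')}"

SUFFIX = ".database.windows.net"               # assumed sqlServerHostname suffix
SUB = "00000000-0000-0000-0000-000000000000"   # constructed subscription ID
RG = "rg-networking"                           # constructed resource group name

def zone_id(zone):
    """Build the resource ID that privateDnsZone.id would resolve to."""
    return (f"/subscriptions/{SUB}/resourceGroups/{RG}"
            f"/providers/Microsoft.Network/privateDnsZones/{zone}")

if __name__ == "__main__":
    for zone in (f"privatelink.{SUFFIX}", f"privatelink{SUFFIX}",
                 build_zone_name("privatelink", SUFFIX)):
        print(zone, check_zone_id(zone_id(zone)) or "ok")
```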
