Microsoft.Network privateDnsZones
Bicep resource definition
The privateDnsZones resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/privateDnsZones resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/privateDnsZones@2024-06-01' = {
etag: 'string'
location: 'string'
name: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
Property values
Microsoft.Network/privateDnsZones
Name | Description | Value |
---|---|---|
etag | The ETag of the zone. | string |
location | The Azure Region where the resource lives | string |
name | The resource name | string (required) |
properties | Properties of the Private DNS zone. | PrivateZoneProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
PrivateZoneProperties
Name | Description | Value |
---|
TrackedResourceTags
Name | Description | Value |
---|
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Application Gateway with internal API Management and Web App | Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Azure AI Studio Network Restricted | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio Network Restricted | This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure Batch pool without public IP addresses | This template creates Azure Batch simplified node communication pool without public IP addresses. |
Azure Cloud Shell - VNet | This template deploys Azure Cloud Shell resources into an Azure virtual network. |
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt | This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint. |
Azure Digital Twins with Function and Private Link service | This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'. |
Azure Machine Learning end-to-end secure setup | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) | This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure private DNS domain hosting example | This template shows how to create a private DNS zone and optionally enable VM registration |
AzureDatabricks Template for Default Storage Firewall | This template allows you to create a network security group, a virtual network, private endpoint, and a default storage firewall enabled Azure Databricks workspace with the virtual network and the system-assigned access connector. |
Create a Private AKS Cluster | This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
Create a Web App, PE and Application Gateway v2 | This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint |
Create AKS with Prometheus and Grafana with privae link | This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard |
Create an API Management service with a private endpoint | This template will create an API Management service, a virtual network and a private endpoint exposing the API Management service to the virtual network. |
Create an AppServicePlan and App in an ASEv3 | Create an AppServicePlan and App in an ASEv3 |
Create an Azure Machine Learning service workspace (legacy) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (vnet) | This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create API Management in Internal VNet with App Gateway | This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway. |
Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Create Function App and private endpoint-secured Storage | This template allows you to deploy an Azure Function App that communicates with Azure Storage over private endpoints. |
Deploy Azure Database for PostgreSQL (flexible) with VNet | This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration. |
Deploy MySQL Flexible Server with Private Endpoint | This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint. |
Deploy MySQL Flexible Server with Vnet Integration | This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration. |
Function App secured by Azure Frontdoor | This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
Private Endpoint example | This template shows how to create a private endpoint pointing to Azure SQL Server |
Private Function App and private endpoint-secured Storage | This template provisions a function app on a Premium plan that has private endpoints and communicates with Azure Storage over private endpoints. |
Secure N-tier Web App | This template allows you to create a secure end to end solution with two web apps with staging slots, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint |
SonarQube on Web App with PostgreSQL and VNet integration | This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS. |
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology | This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
Web App with VNet Injection and Private Endpoint | This template allows you to create a secure end to end solution with two web apps, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint |
ARM template resource definition
The privateDnsZones resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/privateDnsZones resource, add the following JSON to your template.
{
"type": "Microsoft.Network/privateDnsZones",
"apiVersion": "2024-06-01",
"name": "string",
"etag": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
Property values
Microsoft.Network/privateDnsZones
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-06-01' |
etag | The ETag of the zone. | string |
location | The Azure Region where the resource lives | string |
name | The resource name | string (required) |
properties | Properties of the Private DNS zone. | PrivateZoneProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/privateDnsZones' |
PrivateZoneProperties
Name | Description | Value |
---|
TrackedResourceTags
Name | Description | Value |
---|
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
AKS Cluster with a NAT Gateway and an Application Gateway |
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
App Service Environment with Azure SQL backend |
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment. |
Application Gateway with internal API Management and Web App |
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App. |
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure Batch pool without public IP addresses |
This template creates Azure Batch simplified node communication pool without public IP addresses. |
Azure Cloud Shell - VNet |
This template deploys Azure Cloud Shell resources into an Azure virtual network. |
Azure Cognitive Search service with private endpoint |
This template creates an Azure Cognitive Search service with a private endpoint. |
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt |
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint. |
Azure Digital Twins with Function and Private Link service |
This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure private DNS domain hosting example |
This template shows how to create a private DNS zone and optionally enable VM registration |
AzureDatabricks Template for Default Storage Firewall |
This template allows you to create a network security group, a virtual network, private endpoint, and a default storage firewall enabled Azure Databricks workspace with the virtual network and the system-assigned access connector. |
AzureDatabricks Template with Default Storage Firewall |
This template allows you to create an Default Storage Firewall enabled Azure Databricks workspace with Privateendpoint, all three forms of CMK, and User-Assigned Access Connector. |
Connect to a Event Hubs namespace via private endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access a Event Hubs namespace via a private endpoint. |
Connect to a Key Vault via private endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint. |
Connect to a Service Bus namespace via private endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access a Service Bus namespace via private endpoint. |
Connect to a storage account from a VM via private endpoint |
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint. |
Connect to an Azure File Share via a Private Endpoint |
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint. |
Create a Private AKS Cluster |
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
Create a Private AKS Cluster with a Public DNS Zone |
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone. |
Create a Web App, PE and Application Gateway v2 |
This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint |
Create AKS with Prometheus and Grafana with privae link |
This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard |
Create an API Management service with a private endpoint |
This template will create an API Management service, a virtual network and a private endpoint exposing the API Management service to the virtual network. |
Create an AppServicePlan and App in an ASEv3 |
Create an AppServicePlan and App in an ASEv3 |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create API Management in Internal VNet with App Gateway |
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway. |
Create Application Gateway with Certificates |
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. |
Create Function App and private endpoint-secured Storage |
This template allows you to deploy an Azure Function App that communicates with Azure Storage over private endpoints. |
Deploy an Azure Databricks Workspace with PE,CMK all forms |
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption. |
Deploy Azure Database for PostgreSQL (flexible) with VNet |
This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration. |
Deploy MySQL Flexible Server with Private Endpoint |
This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint. |
Deploy MySQL Flexible Server with Vnet Integration |
This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration. |
Function App secured by Azure Frontdoor |
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link. |
min.io Azure Gateway |
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage |
Private Endpoint example |
This template shows how to create a private endpoint pointing to Azure SQL Server |
Private Function App and private endpoint-secured Storage |
This template provisions a function app on a Premium plan that has private endpoints and communicates with Azure Storage over private endpoints. |
Secure N-tier Web App |
This template allows you to create a secure end to end solution with two web apps with staging slots, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint |
SonarQube on Web App with PostgreSQL and VNet integration |
This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS. |
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
Web App with Private Endpoint |
This template allows you to create a Web App and expose it through Private Endpoint |
Web App with VNet Injection and Private Endpoint |
This template allows you to create a secure end to end solution with two web apps, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint |
WebApp consuming a Azure SQL Private Endpoint |
This template shows how to create a Web app that consumes a private endpoint pointing to Azure SQL Server |
Terraform (AzAPI provider) resource definition
The privateDnsZones resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/privateDnsZones resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/privateDnsZones@2024-06-01"
name = "string"
etag = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
}
})
}
Property values
Microsoft.Network/privateDnsZones
Name | Description | Value |
---|---|---|
etag | The ETag of the zone. | string |
location | The Azure Region where the resource lives | string |
name | The resource name | string (required) |
properties | Properties of the Private DNS zone. | PrivateZoneProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/privateDnsZones@2024-06-01" |
PrivateZoneProperties
Name | Description | Value |
---|
TrackedResourceTags
Name | Description | Value |
---|