Microsoft.Network privateDnsZones

Bicep resource definition

The privateDnsZones resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/privateDnsZones resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/privateDnsZones@2024-06-01' = {
  etag: 'string'
  location: 'string'
  name: 'string'
  properties: {}
  tags: {
    {customized property}: 'string'
  }
}

Property values

Microsoft.Network/privateDnsZones

Name Description Value
etag The ETag of the zone. string
location The Azure Region where the resource lives string
name The resource name string (required)
properties Properties of the Private DNS zone. PrivateZoneProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

PrivateZoneProperties

Name Description Value

TrackedResourceTags

Name Description Value

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
AKS Cluster with a NAT Gateway and an Application Gateway This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with internal API Management and Web App Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Azure AI Studio Network Restricted This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure Batch pool without public IP addresses This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Cloud Shell - VNet This template deploys Azure Cloud Shell resources into an Azure virtual network.
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint.
Azure Digital Twins with Function and Private Link service This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'.
Azure Machine Learning end-to-end secure setup This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy) This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure private DNS domain hosting example This template shows how to create a private DNS zone and optionally enable VM registration
AzureDatabricks Template for Default Storage Firewall This template allows you to create a network security group, a virtual network, private endpoint, and a default storage firewall enabled Azure Databricks workspace with the virtual network and the system-assigned access connector.
Create a Private AKS Cluster This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Web App, PE and Application Gateway v2 This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint
Create AKS with Prometheus and Grafana with privae link This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an API Management service with a private endpoint This template will create an API Management service, a virtual network and a private endpoint exposing the API Management service to the virtual network.
Create an AppServicePlan and App in an ASEv3 Create an AppServicePlan and App in an ASEv3
Create an Azure Machine Learning service workspace (legacy) This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet) This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create API Management in Internal VNet with App Gateway This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create Application Gateway with Certificates This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Create Function App and private endpoint-secured Storage This template allows you to deploy an Azure Function App that communicates with Azure Storage over private endpoints.
Deploy Azure Database for PostgreSQL (flexible) with VNet This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
Deploy MySQL Flexible Server with Private Endpoint This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy MySQL Flexible Server with Vnet Integration This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration.
Function App secured by Azure Frontdoor This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link.
Private Endpoint example This template shows how to create a private endpoint pointing to Azure SQL Server
Private Function App and private endpoint-secured Storage This template provisions a function app on a Premium plan that has private endpoints and communicates with Azure Storage over private endpoints.
Secure N-tier Web App This template allows you to create a secure end to end solution with two web apps with staging slots, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint
SonarQube on Web App with PostgreSQL and VNet integration This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Web App with VNet Injection and Private Endpoint This template allows you to create a secure end to end solution with two web apps, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint

ARM template resource definition

The privateDnsZones resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/privateDnsZones resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/privateDnsZones",
  "apiVersion": "2024-06-01",
  "name": "string",
  "etag": "string",
  "location": "string",
  "properties": {
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

Microsoft.Network/privateDnsZones

Name Description Value
apiVersion The api version '2024-06-01'
etag The ETag of the zone. string
location The Azure Region where the resource lives string
name The resource name string (required)
properties Properties of the Private DNS zone. PrivateZoneProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Network/privateDnsZones'

PrivateZoneProperties

Name Description Value

TrackedResourceTags

Name Description Value

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
App Service Environment with Azure SQL backend

Deploy to Azure
This template creates an App Service Environment with an Azure SQL backend along with private endpoints along with associated resources typically used in an private/isolated environment.
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Azure AI Studio Network Restricted

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure Batch pool without public IP addresses

Deploy to Azure
This template creates Azure Batch simplified node communication pool without public IP addresses.
Azure Cloud Shell - VNet

Deploy to Azure
This template deploys Azure Cloud Shell resources into an Azure virtual network.
Azure Cognitive Search service with private endpoint

Deploy to Azure
This template creates an Azure Cognitive Search service with a private endpoint.
Azure Databricks All-in-one Templat VNetInjection-Pvtendpt

Deploy to Azure
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network, and Private Endpoint.
Azure Digital Twins with Function and Private Link service

Deploy to Azure
This template creates an Azure Digital Twins service configured with a Virtual Network connected Azure Function that can communicate through a Private Link Endpoint to Digital Twins. It also creates a Private DNS Zone to allow seamless hostname resolution of the Digital Twins Endpoint from the Virtual Network to the Private Endpoint internal subnet IP address. The hostname is stored as a setting to the Azure Function with name 'ADT_ENDPOINT'.
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure private DNS domain hosting example

Deploy to Azure
This template shows how to create a private DNS zone and optionally enable VM registration
AzureDatabricks Template for Default Storage Firewall

Deploy to Azure
This template allows you to create a network security group, a virtual network, private endpoint, and a default storage firewall enabled Azure Databricks workspace with the virtual network and the system-assigned access connector.
AzureDatabricks Template with Default Storage Firewall

Deploy to Azure
This template allows you to create an Default Storage Firewall enabled Azure Databricks workspace with Privateendpoint, all three forms of CMK, and User-Assigned Access Connector.
Connect to a Event Hubs namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Event Hubs namespace via a private endpoint.
Connect to a Key Vault via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint.
Connect to a Service Bus namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Service Bus namespace via private endpoint.
Connect to a storage account from a VM via private endpoint

Deploy to Azure
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint.
Connect to an Azure File Share via a Private Endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint.
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Create a Web App, PE and Application Gateway v2

Deploy to Azure
This template creates an Azure Web App with Private endpoint in Azure Virtual Network Subnet , an Application Gateway v2. The Application Gateway is deployed in a vNet (subnet). The Web App restricts access to traffic from the subnet using private endpoint
Create AKS with Prometheus and Grafana with privae link

Deploy to Azure
This will create an Azure grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard
Create an API Management service with a private endpoint

Deploy to Azure
This template will create an API Management service, a virtual network and a private endpoint exposing the API Management service to the virtual network.
Create an AppServicePlan and App in an ASEv3

Deploy to Azure
Create an AppServicePlan and App in an ASEv3
Create an Azure Machine Learning service workspace (legacy)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet)

Deploy to Azure
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create Application Gateway with Certificates

Deploy to Azure
This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway.
Create Function App and private endpoint-secured Storage

Deploy to Azure
This template allows you to deploy an Azure Function App that communicates with Azure Storage over private endpoints.
Deploy an Azure Databricks Workspace with PE,CMK all forms

Deploy to Azure
This template allows you to create an Azure Databricks workspace with PrivateEndpoint and managed services and CMK with DBFS encryption.
Deploy Azure Database for PostgreSQL (flexible) with VNet

Deploy to Azure
This template provides a way to deploy a Flexible server Azure database for PostgreSQL with VNet integration.
Deploy MySQL Flexible Server with Private Endpoint

Deploy to Azure
This template provides a way to deploy a Azure Database for MySQL Flexible Server with Private Endpoint.
Deploy MySQL Flexible Server with Vnet Integration

Deploy to Azure
This template provides a way to deploy a Azure database for MySQL Flexible Server with VNet Integration.
Function App secured by Azure Frontdoor

Deploy to Azure
This template allows you to deploy an azure premium function protected and published by Azure Frontdoor premium. The conenction between Azure Frontdoor and Azure Functions is protected by Azure Private Link.
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Private Endpoint example

Deploy to Azure
This template shows how to create a private endpoint pointing to Azure SQL Server
Private Function App and private endpoint-secured Storage

Deploy to Azure
This template provisions a function app on a Premium plan that has private endpoints and communicates with Azure Storage over private endpoints.
Secure N-tier Web App

Deploy to Azure
This template allows you to create a secure end to end solution with two web apps with staging slots, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint
SonarQube on Web App with PostgreSQL and VNet integration

Deploy to Azure
This template provides easy to deploy SonarQube to Web App on Linux with PostgreSQL Flexible Server, VNet integration and private DNS.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Web App with Private Endpoint

Deploy to Azure
This template allows you to create a Web App and expose it through Private Endpoint
Web App with VNet Injection and Private Endpoint

Deploy to Azure
This template allows you to create a secure end to end solution with two web apps, front end and back end, front end will consume securely the back through VNet injection and Private Endpoint
WebApp consuming a Azure SQL Private Endpoint

Deploy to Azure
This template shows how to create a Web app that consumes a private endpoint pointing to Azure SQL Server

Terraform (AzAPI provider) resource definition

The privateDnsZones resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/privateDnsZones resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/privateDnsZones@2024-06-01"
  name = "string"
  etag = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
    }
  })
}

Property values

Microsoft.Network/privateDnsZones

Name Description Value
etag The ETag of the zone. string
location The Azure Region where the resource lives string
name The resource name string (required)
properties Properties of the Private DNS zone. PrivateZoneProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Network/privateDnsZones@2024-06-01"

PrivateZoneProperties

Name Description Value

TrackedResourceTags

Name Description Value