Search

Please login in for more filter options

Kickstart your project with AVM templates.

AVM Bicep Modules
AVM Terraform Modules

dns-resolver

avm-bicep

report
Report Package dns-resolver

If you believe that this package or its contents contain harmful information, please inform us.
Please be aware that we will never share your credentials.

Please let us know what this package contains.
Please enter a valid email address.

This Bicep AVM module deploys a DNS Resolver.

ipm add --package avm-bicep/dns-resolver --version 0.5.6

Published: 14-01-2026

Project URL: https://ipmhub.io/avm-bicep

Package Type: Bicep

License: MIT

DNS Resolver [Microsoft.Network/dnsResolvers]

This module deploys a DNS Resolver.

You can reference the module as follows:

module dnsResolver './packages/dns-resolver/main.bicep' = {
  params: { (...) }
}

For examples, please refer to the Usage Examples section.

Navigation

Resource Types

Resource Type API Version References
Microsoft.Authorization/locks 2020-05-01
Microsoft.Authorization/roleAssignments 2022-04-01
Microsoft.Network/dnsResolvers 2025-05-01
Microsoft.Network/dnsResolvers/inboundEndpoints 2025-05-01
Microsoft.Network/dnsResolvers/outboundEndpoints 2025-05-01

Usage examples

The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.

Note: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.

Note: To reference the module, please use the following syntax ./packages/dns-resolver/main.bicep.

Example 1: Using only defaults

This instance deploys the module with the minimum set of required parameters.

You can find the full example and the setup of its dependencies in the deployment test folder path [/tests/e2e/defaults]

via Bicep module 
module dnsResolver './packages/dns-resolver/main.bicep' = {
  params: {
    // Required parameters
    name: 'ndrmin001'
    virtualNetworkResourceId: '<virtualNetworkResourceId>'
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "ndrmin001"
    },
    "virtualNetworkResourceId": {
      "value": "<virtualNetworkResourceId>"
    }
  }
}

via Bicep parameters file 
using './packages/dns-resolver/main.bicep'

// Required parameters
param name = 'ndrmin001'
param virtualNetworkResourceId = '<virtualNetworkResourceId>'

Example 2: Using large parameter set

This instance deploys the module with most of its features enabled.

You can find the full example and the setup of its dependencies in the deployment test folder path [/tests/e2e/max]

via Bicep module 
module dnsResolver './packages/dns-resolver/main.bicep' = {
  params: {
    // Required parameters
    name: 'ndrmax001'
    virtualNetworkResourceId: '<virtualNetworkResourceId>'
    // Non-required parameters
    inboundEndpoints: [
      {
        name: 'ndrmax-az-pdnsin-x-001'
        subnetResourceId: '<subnetResourceId>'
      }
    ]
    location: '<location>'
    lock: {
      kind: 'CanNotDelete'
      name: 'myCustomLockName'
    }
    outboundEndpoints: [
      {
        name: 'ndrmax-az-pdnsout-x-001'
        subnetResourceId: '<subnetResourceId>'
      }
    ]
    roleAssignments: [
      {
        name: '83c82ade-1ada-4374-82d0-325f39a44af6'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'Owner'
      }
      {
        name: '<name>'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
      }
      {
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
      }
    ]
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "ndrmax001"
    },
    "virtualNetworkResourceId": {
      "value": "<virtualNetworkResourceId>"
    },
    // Non-required parameters
    "inboundEndpoints": {
      "value": [
        {
          "name": "ndrmax-az-pdnsin-x-001",
          "subnetResourceId": "<subnetResourceId>"
        }
      ]
    },
    "location": {
      "value": "<location>"
    },
    "lock": {
      "value": {
        "kind": "CanNotDelete",
        "name": "myCustomLockName"
      }
    },
    "outboundEndpoints": {
      "value": [
        {
          "name": "ndrmax-az-pdnsout-x-001",
          "subnetResourceId": "<subnetResourceId>"
        }
      ]
    },
    "roleAssignments": {
      "value": [
        {
          "name": "83c82ade-1ada-4374-82d0-325f39a44af6",
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "Owner"
        },
        {
          "name": "<name>",
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c"
        },
        {
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "<roleDefinitionIdOrName>"
        }
      ]
    },
    "tags": {
      "value": {
        "Environment": "Non-Prod",
        "hidden-title": "This is visible in the resource name",
        "Role": "DeploymentValidation"
      }
    }
  }
}

via Bicep parameters file 
using './packages/dns-resolver/main.bicep'

// Required parameters
param name = 'ndrmax001'
param virtualNetworkResourceId = '<virtualNetworkResourceId>'
// Non-required parameters
param inboundEndpoints = [
  {
    name: 'ndrmax-az-pdnsin-x-001'
    subnetResourceId: '<subnetResourceId>'
  }
]
param location = '<location>'
param lock = {
  kind: 'CanNotDelete'
  name: 'myCustomLockName'
}
param outboundEndpoints = [
  {
    name: 'ndrmax-az-pdnsout-x-001'
    subnetResourceId: '<subnetResourceId>'
  }
]
param roleAssignments = [
  {
    name: '83c82ade-1ada-4374-82d0-325f39a44af6'
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: 'Owner'
  }
  {
    name: '<name>'
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
  }
  {
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
  }
]
param tags = {
  Environment: 'Non-Prod'
  'hidden-title': 'This is visible in the resource name'
  Role: 'DeploymentValidation'
}

Example 3: WAF-aligned

This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.

You can find the full example and the setup of its dependencies in the deployment test folder path [/tests/e2e/waf-aligned]

via Bicep module 
module dnsResolver './packages/dns-resolver/main.bicep' = {
  params: {
    // Required parameters
    name: 'ndrwaf001'
    virtualNetworkResourceId: '<virtualNetworkResourceId>'
    // Non-required parameters
    inboundEndpoints: [
      {
        name: 'ndrwaf-az-pdnsin-x-001'
        subnetResourceId: '<subnetResourceId>'
      }
    ]
    lock: {
      kind: 'CanNotDelete'
      name: 'myCustomLockName'
    }
    outboundEndpoints: [
      {
        name: 'ndrwaf-az-pdnsout-x-001'
        subnetResourceId: '<subnetResourceId>'
      }
    ]
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
  }
}

via JSON parameters file 
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "ndrwaf001"
    },
    "virtualNetworkResourceId": {
      "value": "<virtualNetworkResourceId>"
    },
    // Non-required parameters
    "inboundEndpoints": {
      "value": [
        {
          "name": "ndrwaf-az-pdnsin-x-001",
          "subnetResourceId": "<subnetResourceId>"
        }
      ]
    },
    "lock": {
      "value": {
        "kind": "CanNotDelete",
        "name": "myCustomLockName"
      }
    },
    "outboundEndpoints": {
      "value": [
        {
          "name": "ndrwaf-az-pdnsout-x-001",
          "subnetResourceId": "<subnetResourceId>"
        }
      ]
    },
    "tags": {
      "value": {
        "Environment": "Non-Prod",
        "hidden-title": "This is visible in the resource name",
        "Role": "DeploymentValidation"
      }
    }
  }
}

via Bicep parameters file 
using './packages/dns-resolver/main.bicep'

// Required parameters
param name = 'ndrwaf001'
param virtualNetworkResourceId = '<virtualNetworkResourceId>'
// Non-required parameters
param inboundEndpoints = [
  {
    name: 'ndrwaf-az-pdnsin-x-001'
    subnetResourceId: '<subnetResourceId>'
  }
]
param lock = {
  kind: 'CanNotDelete'
  name: 'myCustomLockName'
}
param outboundEndpoints = [
  {
    name: 'ndrwaf-az-pdnsout-x-001'
    subnetResourceId: '<subnetResourceId>'
  }
]
param tags = {
  Environment: 'Non-Prod'
  'hidden-title': 'This is visible in the resource name'
  Role: 'DeploymentValidation'
}

Parameters

Required parameters

Parameter Type Description
name string Name of the DNS Private Resolver.
virtualNetworkResourceId string ResourceId of the virtual network to attach the DNS Private Resolver to.

Optional parameters

Parameter Type Description
enableTelemetry bool Enable/Disable usage telemetry for module.
inboundEndpoints array Inbound Endpoints for DNS Private Resolver.
location string Location for all resources.
lock object The lock settings of the service.
outboundEndpoints array Outbound Endpoints for DNS Private Resolver.
roleAssignments array Array of role assignments to create.
tags object Tags of the resource.

Parameter: name

Name of the DNS Private Resolver.

  • Required: Yes
  • Type: string

Parameter: virtualNetworkResourceId

ResourceId of the virtual network to attach the DNS Private Resolver to.

  • Required: Yes
  • Type: string

Parameter: enableTelemetry

Enable/Disable usage telemetry for module.

  • Required: No
  • Type: bool
  • Default: True

Parameter: inboundEndpoints

Inbound Endpoints for DNS Private Resolver.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
name string Name of the inbound endpoint.
subnetResourceId string The reference to the subnet bound to the IP configuration.

Optional parameters

Parameter Type Description
location string Location for all resources.
privateIpAddress string Private IP address of the IP configuration.
privateIpAllocationMethod string Private IP address allocation method.
tags object Tags for the resource.

Parameter: inboundEndpoints.name

Name of the inbound endpoint.

  • Required: Yes
  • Type: string

Parameter: inboundEndpoints.subnetResourceId

The reference to the subnet bound to the IP configuration.

  • Required: Yes
  • Type: string

Parameter: inboundEndpoints.location

Location for all resources.

  • Required: No
  • Type: string

Parameter: inboundEndpoints.privateIpAddress

Private IP address of the IP configuration.

  • Required: No
  • Type: string

Parameter: inboundEndpoints.privateIpAllocationMethod

Private IP address allocation method.

  • Required: No
  • Type: string
  • Allowed:
    [
  'Dynamic'
  'Static'
]

Parameter: inboundEndpoints.tags

Tags for the resource.

  • Required: No
  • Type: object

Parameter: location

Location for all resources.

  • Required: No
  • Type: string
  • Default: [resourceGroup().location]

Parameter: lock

The lock settings of the service.

  • Required: No
  • Type: object

Optional parameters

Parameter Type Description
kind string Specify the type of lock.
name string Specify the name of lock.
notes string Specify the notes of the lock.

Parameter: lock.kind

Specify the type of lock.

  • Required: No
  • Type: string
  • Allowed:
    [
  'CanNotDelete'
  'None'
  'ReadOnly'
]

Parameter: lock.name

Specify the name of lock.

  • Required: No
  • Type: string

Parameter: lock.notes

Specify the notes of the lock.

  • Required: No
  • Type: string

Parameter: outboundEndpoints

Outbound Endpoints for DNS Private Resolver.

  • Required: No
  • Type: array

Required parameters

Parameter Type Description
name string Name of the outbound endpoint.
subnetResourceId string ResourceId of the subnet to attach the outbound endpoint to.

Optional parameters

Parameter Type Description
location string Location for all resources.
tags object Tags of the resource.

Parameter: outboundEndpoints.name

Name of the outbound endpoint.

  • Required: Yes
  • Type: string

Parameter: outboundEndpoints.subnetResourceId

ResourceId of the subnet to attach the outbound endpoint to.

  • Required: Yes
  • Type: string

Parameter: outboundEndpoints.location

Location for all resources.

  • Required: No
  • Type: string

Parameter: outboundEndpoints.tags

Tags of the resource.

  • Required: No
  • Type: object

Parameter: roleAssignments

Array of role assignments to create.

  • Required: No
  • Type: array
  • Roles configurable by name:
    • 'Contributor'
    • 'DNS Resolver Contributor'
    • 'DNS Zone Contributor'
    • 'Domain Services Contributor'
    • 'Domain Services Reader'
    • 'Network Contributor'
    • 'Owner'
    • 'Private DNS Zone Contributor'
    • 'Reader'
    • 'Role Based Access Control Administrator'

Required parameters

Parameter Type Description
principalId string The principal ID of the principal (user/group/identity) to assign the role to.
roleDefinitionIdOrName string The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

Optional parameters

Parameter Type Description
condition string The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".
conditionVersion string Version of the condition.
delegatedManagedIdentityResourceId string The Resource Id of the delegated managed identity resource.
description string The description of the role assignment.
name string The name (as GUID) of the role assignment. If not provided, a GUID will be generated.
principalType string The principal type of the assigned principal ID.

Parameter: roleAssignments.principalId

The principal ID of the principal (user/group/identity) to assign the role to.

  • Required: Yes
  • Type: string

Parameter: roleAssignments.roleDefinitionIdOrName

The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

  • Required: Yes
  • Type: string

Parameter: roleAssignments.condition

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".

  • Required: No
  • Type: string

Parameter: roleAssignments.conditionVersion

Version of the condition.

  • Required: No
  • Type: string
  • Allowed:
    [
  '2.0'
]

Parameter: roleAssignments.delegatedManagedIdentityResourceId

The Resource Id of the delegated managed identity resource.

  • Required: No
  • Type: string

Parameter: roleAssignments.description

The description of the role assignment.

  • Required: No
  • Type: string

Parameter: roleAssignments.name

The name (as GUID) of the role assignment. If not provided, a GUID will be generated.

  • Required: No
  • Type: string

Parameter: roleAssignments.principalType

The principal type of the assigned principal ID.

  • Required: No
  • Type: string
  • Allowed:
    [
  'Device'
  'ForeignGroup'
  'Group'
  'ServicePrincipal'
  'User'
]

Parameter: tags

Tags of the resource.

  • Required: No
  • Type: object

Outputs

Output Type Description
inboundEndpointsObject array The inbound endpoints object.
location string The location the resource was deployed into.
name string The name of the DNS Private Resolver.
outboundEndpointsObject array The outbound endpoints object.
resourceGroupName string The resource group the DNS Private Resolver was deployed into.
resourceId string The resource ID of the DNS Private Resolver.

Cross-referenced modules

This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).

Reference Type
./packages/utl-common-types/main.bicep Local Reference

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

Changelog

The latest version of the changelog can be found here.

0.5.6

Changes

  • Updated child module deployment names to use stable identifiers instead of deployment().name to prevent deployment history accumulation when using Azure Deployment Stacks.

Breaking Changes

  • None

0.5.5

Changes

  • Added type for all tags parameters
  • Updated API version to latest 2025-05-01
  • Updated LockType to 'avm-common-types version' 0.6.0, enabling custom notes for locks.

Breaking Changes

  • None

0.5.4

Changes

  • Initial version
  • Updated ReadMe with AzAdvertizer reference

Breaking Changes

  • None
 
 {
  "workingFolder": "packages",
  "packages": [
    // packages defined earlier
    {
      "name": "avm-bicep/dns-resolver",
      "version": "0.5.6"
    }
  ]
}

Stats

Selected version:

0.5.6

Downloads this version:

0

Downloads all versions:

0

Latest version:

0.5.6

Latest update:

14-01-2026

avm-bicep

Other versions (5)

0.5.6

0.5.5

0.5.4

0.5.2

0.5.0

Other packages

from avm-bicep

aad-domain-services

action-rules

action-groups

View all from publisher

Ready to End Infrastructure Code Chaos?

Join infrastructure teams who've moved from scattered repositories to unified package management

Built by infrastructure experts
Who understand your challenges
Complete solutions
No scattered files
See what's deployed where
When it needs updates
Zero vendor lock-in
Packages work without us
Start Free Trial Book Live Demo Schedule Assessment
No setup fees or contracts Free migration assistance Cancel anytime with no penalties
Direct founder access Zero security incidents in 2+ years Works with any cloud, any CI/CD platform