Azure Landing Zones Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Azure Landing Zones Documentation
  2. /
  3. Accelerator
  4. /
  5. Starter Modules
  6. /
  7. Terraform - Azure Verified Modules for Platform Landing Zone (ALZ)
  8. /
  9. Options
  10. /
  11. 5 - Turn off Private DNS zones and Private DNS resolver
Edit page

5 - Turn off Private DNS zones and Private DNS resolver

You can choose to not deploy any DNS related resources. In order to do that, you need to update the DNS configuration and disable the DINE (deploy if not exists) policy.

The steps to follow are:

  1. Update the following settings by searching for the keys and updating the value

    Setting TypeParent block(s)KeyActionCountNotes
    linecustom_replacements > names<region>_private_dns_zones_enabledUpdate setting to false1+<region> is the relevant region (e.g. primary)
    You should not remove the DNS names from the custom_replacements section as it will result in a templating error. Advanced Terraform users are welcome to tidy up the config and remove the names and related templates if there is no future plan to use Private DNS.

  2. Add the follow configuration to the management_group_settings > policy_assignments_to_modify block setting

    If you have updated the corp management group ID, then you need to update the management group ID in this block setting to match. For example, replace corp with contoso-corp.
    corp = {
  policy_assignments = {
    Deploy-Private-DNS-Zones = {
      enforcement_mode = "DoNotEnforce"
    }
  }
}
gdoc_arrow_left_alt 4 - Turn off Bastion host 6 - Turn off Virtual Network Gateways gdoc_arrow_right_alt