Question about Deployment Stacks and DNS Zone deployment

[aavdberg]

Have a question about Deployment Stacks and Public DNS Zones.

When I deploy with bicep a Public DNS Zone in Azure and don't specify the NS records these get automatily created.

But when I deploy the same bicep with Deployment Stack, my question is when I configure the parameter -ActionOnUnmanage "deleteResources" with the powershell cmdlet New-AzResourceGroupDeploymentStack

Do the NS records get deleted and do I need to specify these also in the bicep file?

@alex-frankel @anthony-c-martin ?

[dantedallag]

If I am following your example correctly, some network security groups (assuming this is what is meant by NS records, but please correct me if I am wrong) are being implicitly created as a result of public DNS zone deployment.

Implicitly deployed resources are not tracked by deployment stacks and are documented in our known limitations here: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deployment-stacks?tabs=azure-powershell.

So, they should not be deleted when the same template is deployed, even though they are not in the bicep file; the deployment stack doesn't know about them. If an implicitly created resource is a child resource of a managed resource in a deployment stack, and the deployment stack cleans up the managed resource, then the implicitly created child resource would be deleted. This is not a feature of the deployment stack though, just a function of how resource hierarchy works (but it could be a useful thing to know for cleanup of these non-managed implicitly created resources).

[azcloudfarmer]

Hello @aavdberg - friendly follow up on your question. Thanks!

[azcloudfarmer]

Hi @aavdberg - friendly follow up on your question. Thanks!

[aavdberg]

Hi @azcloudfarmer have deployed with Deployment Stack and it's working now.

The ns records are not deleted when they are not in the code.