Share via

Private DNS zone created via Azure CLI not visible in Azure Portal

Ash B 40 Reputation points
2026-05-11T16:18:56.1633333+00:00

Hi,

I’ve created a Private DNS zone using Azure CLI, however I am seeing different behaviour between the CLI and the Azure Portal.

Steps performed

I ran the following commands:

az account set --subscription "<subscription-id>"

az network private-dns zone create \

--resource-group "<resource-group-name>" \

--name "privatelink.azurewebsites.net"

Expected behaviour

The Private DNS zone should be visible in:

Azure Portal → Private DNS zones

Actual behaviour

  • The DNS zone is successfully created and visible via CLI:

az network private-dns zone list

The output shows:

Name: privatelink.azurewebsites.net

Location: global

Provisioning state: Succeeded

However, in the Azure Portal:

  • The Private DNS zones blade shows: 
   No private dns zones to display

  - Even when:
  
        - Subscription filter is set to “All”
        
              - Resource group filter is cleared
              
                    - Page is refreshed

Additional context

  • The resource group exists and is visible in the portal
  • The DNS zone is created in the expected resource group
  • Other resources in the same resource group are visible
  • The DNS zone is a global resource (as expected for Private DNS zones)
  • I am working across multiple subscriptions/tenants

Question

Is there a known reason why a Private DNS zone would be visible via Azure CLI but not appear in the Azure Portal?

What I have already checked

  • Verified current subscription in CLI: az account show
  • Verified resource exists: az network private-dns zone show \ --resource-group "<resource-group-name>" \ --name "privatelink.azurewebsites.net" Show more lines
    • Confirmed provisioning state is Succeeded

Any guidance would be appreciated.

Azure DNS
Azure DNS

An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

Answer accepted by question author

AI answer

2026-05-11T16:19:14.1633333+00:00

The most likely cause is that the Azure Portal view is not scoped to the same subscription and resource group where the private DNS zone was created, even though the resource exists and is visible via Azure CLI.

Key points from the CLI behavior and documentation:

  1. az network private-dns zone create creates a Private DNS zone as a global resource in the specified resource group and subscription: 
       az network private-dns zone create \
       --resource-group <resource-group-name> \
       --name "privatelink.azurewebsites.net"
    The command requires only --resource-group and --name and does not take a location, because private DNS zones are global resources.
  2. Listing private DNS zones with: 
       az network private-dns zone list
    returns all private DNS zones in the currently selected subscription. Adding --resource-group scopes the list to a specific resource group.
  3. The Azure DNS documentation notes that DNS resources are global, but they are still contained in a specific resource group and subscription:
    • The zone name must be unique within the resource group.
    • The same zone name can be reused in a different resource group or subscription.

Given that the CLI shows the zone with Provisioning state: Succeeded, the resource is correctly created. When it does not appear in the Portal’s Private DNS zones blade, the usual reasons are:

  1. Portal subscription scope mismatch
    The Portal may be scoped to a different subscription than the one selected in CLI with az account set. Even if the subscription filter is set to “All” in some blades, the overall portal directory/subscription context can still differ from the CLI context.
  2. Portal directory (tenant) mismatch
    When working across multiple tenants, the Portal may be logged into a different Azure AD tenant than the one where the subscription (and the private DNS zone) resides. In that case, the resource will never appear in the Portal until the correct directory is selected.
  3. Resource group filter in the Private DNS zones blade
    Even if the global filter is cleared, the Private DNS zones blade can still be scoped to a specific resource group or subscription. The zone will only appear when the blade is scoped to the resource group and subscription where it was created.

Actionable checks:

  1. In Azure Portal, switch to the correct directory/tenant that contains the subscription used in CLI.
  2. In the Portal’s top bar, open Directory + subscription and ensure the subscription that az account show reports is checked and active.
  3. In Private DNS zones:
    • Set Subscription filter to the specific subscription used in CLI (not just “All”).
    • Set Resource group filter to the exact resource group passed to --resource-group.
    • Refresh the blade.
  4. Alternatively, go to Resource groups → <resource-group-name> → Overview and check whether the private DNS zone appears in the resource list there. If it does, it confirms the zone exists and the issue is only with the Private DNS zones blade filtering.

There is no product behavior in the provided documentation indicating that a successfully created private DNS zone would be intentionally hidden from the Portal; discrepancies are due to subscription/tenant or filter scoping rather than a different resource type or location.

References:

AI-generated content may be incorrect. Read our transparency notes for more information.

Was this answer helpful?

1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vallepu Venkateswarlu 10,180 Reputation points Microsoft External Staff Moderator
    2026-05-11T19:41:18.0133333+00:00

    Hi @ Ash B,
    Welcome to Microsoft Q&A Platform**

    It looks like your Private DNS zone really exists (CLI shows it under “global” and provisioning state = Succeeded) but the portal’s Private DNS zones blade isn’t listing it. In almost all cases like this it comes down to one of the following:

    Tenant/Directory mismatch

    • You’re juggling multiple tenants/subscriptions and the portal is signed into a different directory than where the zone lives.
    • Action: Click your user avatar (top-right) ➔ “Switch directory” and pick the one that matches the tenantId from az account show.

    Subscription filter or RBAC

    • Even “All subscriptions” in the portal only shows resources in subscriptions you actually have access to. If you lack Reader (or higher) on that sub/RG, it won’t show.
    • Action: In the portal go to your Subscriptions blade, verify you see and have Reader/Contributor on the target subscription.

    Resource Group view vs. dedicated blade

    • Sometimes the Private DNS blade misbehaves; you can confirm existence by going to Resource Groups ➔ your-RG ➔ “Resources” and look for your zone there.
    • If it appears in the RG but not the Private DNS list, try a hard-refresh (Ctrl+F5) or Incognito mode, or use Azure Resource Explorer (RESOURCES.AZURE.COM) to confirm.

    Portal caching glitch

    Rare, but clearing browser cache or using a different browser session can help.

    References

    Create an Azure private DNS zone using the Azure CLI – https://learn.microsoft.com/azure/dns/private-dns-getstarted-cli
    Private DNS zones and records overview – https://learn.microsoft.com/azure/dns/private-dns-privatednszone • Create & manage Private DNS zones in the portal – https://learn.microsoft.com/azure/dns/private-dns-getstarted-portal
    Virtual network links in Private DNS – https://learn.microsoft.com/azure/dns/private-dns-virtual-network-links

    Please210246-screenshot-2021-12-10-121802.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.