feat: Add vnet link updates for ResolutionPolicy (Azure#3899)

## Description

<!--
>Thank you for your contribution !
> Please include a summary of the change and which issue is fixed.
> Please also include the context.
> List any dependencies that are required for this change.

Fixes Azure#123
Fixes Azure#456
Closes Azure#123
Closes Azure#456
-->

Closes Azure#3848 

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.network.private-dns-zone](https://github.com/ChrisSidebotham/bicep-registry-modules/actions/workflows/avm.res.network.private-dns-zone.yml/badge.svg?branch=vnet-link-updates)](https://github.com/ChrisSidebotham/bicep-registry-modules/actions/workflows/avm.res.network.private-dns-zone.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [x] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

avm/res/network/private-dns-zone/README.md

@@ -25,7 +25,7 @@ This module deploys a Private DNS zone.
 | `Microsoft.Network/privateDnsZones/SOA` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SOA) |
 | `Microsoft.Network/privateDnsZones/SRV` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SRV) |
 | `Microsoft.Network/privateDnsZones/TXT` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/TXT) |
-| `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) |
+| `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2024-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-06-01/privateDnsZones/virtualNetworkLinks) |
 
 ## Usage examples
 
@@ -2674,6 +2674,7 @@ Array of custom objects describing vNet links of the DNS zone. Each object shoul
 | [`location`](#parameter-virtualnetworklinkslocation) | string | The Azure Region where the resource lives. |
 | [`name`](#parameter-virtualnetworklinksname) | string | The resource name. |
 | [`registrationEnabled`](#parameter-virtualnetworklinksregistrationenabled) | bool | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. |
+| [`resolutionPolicy`](#parameter-virtualnetworklinksresolutionpolicy) | string | The resolution type of the private-dns-zone fallback machanism. |
 | [`tags`](#parameter-virtualnetworklinkstags) | object | Resource tags. |
 
 ### Parameter: `virtualNetworkLinks.virtualNetworkResourceId`
@@ -2704,6 +2705,20 @@ Is auto-registration of virtual machine records in the virtual network in the Pr
 - Required: No
 - Type: bool
 
+### Parameter: `virtualNetworkLinks.resolutionPolicy`
+
+The resolution type of the private-dns-zone fallback machanism.
+
+- Required: No
+- Type: string
+- Allowed:
+  ```Bicep
+  [
+    'Default'
+    'NxDomainRedirect'
+  ]
+  ```
+
 ### Parameter: `virtualNetworkLinks.tags`
 
 Resource tags.

avm/res/network/private-dns-zone/a/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "1641889417618452692"
+      "version": "0.31.92.45157",
+      "templateHash": "10712926682811010094"
     },
     "name": "Private DNS Zone A record",
     "description": "This module deploys a Private DNS Zone A record.",

avm/res/network/private-dns-zone/aaaa/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "17163414995652446126"
+      "version": "0.31.92.45157",
+      "templateHash": "6038454003460884843"
     },
     "name": "Private DNS Zone AAAA record",
     "description": "This module deploys a Private DNS Zone AAAA record.",

avm/res/network/private-dns-zone/cname/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "2493714129104385633"
+      "version": "0.31.92.45157",
+      "templateHash": "7441428857459323856"
     },
     "name": "Private DNS Zone CNAME record",
     "description": "This module deploys a Private DNS Zone CNAME record.",

avm/res/network/private-dns-zone/main.bicep

@@ -223,6 +223,7 @@ module privateDnsZone_virtualNetworkLinks 'virtual-network-link/main.bicep' = [
       location: virtualNetworkLink.?location ?? 'global'
       registrationEnabled: virtualNetworkLink.?registrationEnabled ?? false
       tags: virtualNetworkLink.?tags ?? tags
+      resolutionPolicy: virtualNetworkLink.?resolutionPolicy
     }
   }
 ]
@@ -511,4 +512,7 @@ type virtualNetworkLinkType = {
 
   @description('Optional. Resource tags.')
   tags: object?
+
+  @description('Optional. The resolution type of the private-dns-zone fallback machanism.')
+  resolutionPolicy: ('Default' | 'NxDomainRedirect')?
 }[]?

avm/res/network/private-dns-zone/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "5152250446888543349"
+      "version": "0.31.92.45157",
+      "templateHash": "13291748033241997493"
     },
     "name": "Private DNS Zones",
     "description": "This module deploys a Private DNS zone.",
@@ -632,6 +632,17 @@
             "metadata": {
               "description": "Optional. Resource tags."
             }
+          },
+          "resolutionPolicy": {
+            "type": "string",
+            "allowedValues": [
+              "Default",
+              "NxDomainRedirect"
+            ],
+            "nullable": true,
+            "metadata": {
+              "description": "Optional. The resolution type of the private-dns-zone fallback machanism."
+            }
           }
         }
       },
@@ -854,8 +865,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "1641889417618452692"
+              "version": "0.31.92.45157",
+              "templateHash": "10712926682811010094"
             },
             "name": "Private DNS Zone A record",
             "description": "This module deploys a Private DNS Zone A record.",
@@ -1107,8 +1118,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "17163414995652446126"
+              "version": "0.31.92.45157",
+              "templateHash": "6038454003460884843"
             },
             "name": "Private DNS Zone AAAA record",
             "description": "This module deploys a Private DNS Zone AAAA record.",
@@ -1360,8 +1371,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "2493714129104385633"
+              "version": "0.31.92.45157",
+              "templateHash": "7441428857459323856"
             },
             "name": "Private DNS Zone CNAME record",
             "description": "This module deploys a Private DNS Zone CNAME record.",
@@ -1613,8 +1624,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "10928449924272756679"
+              "version": "0.31.92.45157",
+              "templateHash": "14644449511819726117"
             },
             "name": "Private DNS Zone MX record",
             "description": "This module deploys a Private DNS Zone MX record.",
@@ -1866,8 +1877,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "13191587152357386110"
+              "version": "0.31.92.45157",
+              "templateHash": "15207022836369022219"
             },
             "name": "Private DNS Zone PTR record",
             "description": "This module deploys a Private DNS Zone PTR record.",
@@ -2119,8 +2130,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "12872700379964561295"
+              "version": "0.31.92.45157",
+              "templateHash": "11873116919556672567"
             },
             "name": "Private DNS Zone SOA record",
             "description": "This module deploys a Private DNS Zone SOA record.",
@@ -2372,8 +2383,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "12918383495773487180"
+              "version": "0.31.92.45157",
+              "templateHash": "14191219094184072575"
             },
             "name": "Private DNS Zone SRV record",
             "description": "This module deploys a Private DNS Zone SRV record.",
@@ -2625,8 +2636,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "128006490354221158"
+              "version": "0.31.92.45157",
+              "templateHash": "4736447107597592476"
             },
             "name": "Private DNS Zone TXT record",
             "description": "This module deploys a Private DNS Zone TXT record.",
@@ -2869,6 +2880,9 @@
           },
           "tags": {
             "value": "[coalesce(tryGet(coalesce(parameters('virtualNetworkLinks'), createArray())[copyIndex()], 'tags'), parameters('tags'))]"
+          },
+          "resolutionPolicy": {
+            "value": "[tryGet(coalesce(parameters('virtualNetworkLinks'), createArray())[copyIndex()], 'resolutionPolicy')]"
           }
         },
         "template": {
@@ -2878,8 +2892,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.29.47.4906",
-              "templateHash": "1713449351614683457"
+              "version": "0.31.92.45157",
+              "templateHash": "6409823868550472261"
             },
             "name": "Private DNS Zone Virtual Network Link",
             "description": "This module deploys a Private DNS Zone Virtual Network Link.",
@@ -2925,6 +2939,13 @@
               "metadata": {
                 "description": "Required. Link to another virtual network resource ID."
               }
+            },
+            "resolutionPolicy": {
+              "type": "string",
+              "nullable": true,
+              "metadata": {
+                "description": "Optional. The resolution policy on the virtual network link. Only applicable for virtual network links to privatelink zones, and for A,AAAA,CNAME queries. When set to `NxDomainRedirect`, Azure DNS resolver falls back to public resolution if private dns query resolution results in non-existent domain response. `Default` is configured as the default option."
+              }
             }
           },
           "resources": {
@@ -2936,15 +2957,16 @@
             },
             "virtualNetworkLink": {
               "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
-              "apiVersion": "2020-06-01",
+              "apiVersion": "2024-06-01",
               "name": "[format('{0}/{1}', parameters('privateDnsZoneName'), parameters('name'))]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
               "properties": {
                 "registrationEnabled": "[parameters('registrationEnabled')]",
                 "virtualNetwork": {
                   "id": "[parameters('virtualNetworkResourceId')]"
-                }
+                },
+                "resolutionPolicy": "[parameters('resolutionPolicy')]"
               },
               "dependsOn": [
                 "privateDnsZone"
@@ -2978,7 +3000,7 @@
               "metadata": {
                 "description": "The location the resource was deployed into."
               },
-              "value": "[reference('virtualNetworkLink', '2020-06-01', 'full').location]"
+              "value": "[reference('virtualNetworkLink', '2024-06-01', 'full').location]"
             }
           }
         }

avm/res/network/private-dns-zone/mx/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "10928449924272756679"
+      "version": "0.31.92.45157",
+      "templateHash": "14644449511819726117"
     },
     "name": "Private DNS Zone MX record",
     "description": "This module deploys a Private DNS Zone MX record.",

avm/res/network/private-dns-zone/ptr/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "13191587152357386110"
+      "version": "0.31.92.45157",
+      "templateHash": "15207022836369022219"
     },
     "name": "Private DNS Zone PTR record",
     "description": "This module deploys a Private DNS Zone PTR record.",

avm/res/network/private-dns-zone/soa/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "12872700379964561295"
+      "version": "0.31.92.45157",
+      "templateHash": "11873116919556672567"
     },
     "name": "Private DNS Zone SOA record",
     "description": "This module deploys a Private DNS Zone SOA record.",

avm/res/network/private-dns-zone/srv/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "12918383495773487180"
+      "version": "0.31.92.45157",
+      "templateHash": "14191219094184072575"
     },
     "name": "Private DNS Zone SRV record",
     "description": "This module deploys a Private DNS Zone SRV record.",

avm/res/network/private-dns-zone/txt/main.json

@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.29.47.4906",
-      "templateHash": "128006490354221158"
+      "version": "0.31.92.45157",
+      "templateHash": "4736447107597592476"
     },
     "name": "Private DNS Zone TXT record",
     "description": "This module deploys a Private DNS Zone TXT record.",

avm/res/network/private-dns-zone/version.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
-  "version": "0.6",
+  "version": "0.7",
   "pathFilters": [
     "./main.json"
   ]

avm/res/network/private-dns-zone/virtual-network-link/README.md

@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone Virtual Network Link.
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2020-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) |
+| `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2024-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-06-01/privateDnsZones/virtualNetworkLinks) |
 
 ## Parameters
 
@@ -35,6 +35,7 @@ This module deploys a Private DNS Zone Virtual Network Link.
 | [`location`](#parameter-location) | string | The location of the PrivateDNSZone. Should be global. |
 | [`name`](#parameter-name) | string | The name of the virtual network link. |
 | [`registrationEnabled`](#parameter-registrationenabled) | bool | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. |
+| [`resolutionPolicy`](#parameter-resolutionpolicy) | string | The resolution policy on the virtual network link. Only applicable for virtual network links to privatelink zones, and for A,AAAA,CNAME queries. When set to `NxDomainRedirect`, Azure DNS resolver falls back to public resolution if private dns query resolution results in non-existent domain response. `Default` is configured as the default option. |
 | [`tags`](#parameter-tags) | object | Tags of the resource. |
 
 ### Parameter: `virtualNetworkResourceId`
@@ -75,6 +76,13 @@ Is auto-registration of virtual machine records in the virtual network in the Pr
 - Type: bool
 - Default: `False`
 
+### Parameter: `resolutionPolicy`
+
+The resolution policy on the virtual network link. Only applicable for virtual network links to privatelink zones, and for A,AAAA,CNAME queries. When set to `NxDomainRedirect`, Azure DNS resolver falls back to public resolution if private dns query resolution results in non-existent domain response. `Default` is configured as the default option.
+
+- Required: No
+- Type: string
+
 ### Parameter: `tags`
 
 Tags of the resource.

avm/res/network/private-dns-zone/virtual-network-link/main.bicep

@@ -20,11 +20,14 @@ param registrationEnabled bool = false
 @description('Required. Link to another virtual network resource ID.')
 param virtualNetworkResourceId string
 
+@description('Optional. The resolution policy on the virtual network link. Only applicable for virtual network links to privatelink zones, and for A,AAAA,CNAME queries. When set to `NxDomainRedirect`, Azure DNS resolver falls back to public resolution if private dns query resolution results in non-existent domain response. `Default` is configured as the default option.')
+param resolutionPolicy string?
+
 resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = {
   name: privateDnsZoneName
 }
 
-resource virtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+resource virtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   name: name
   parent: privateDnsZone
   location: location
@@ -34,6 +37,7 @@ resource virtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLin
     virtualNetwork: {
       id: virtualNetworkResourceId
     }
+    resolutionPolicy: resolutionPolicy
   }
 }