We were facing an issue with running an operation from your Azure Storage Account to create a private DNS zone for a specific private endpoint connection across our DNS subscription. From the logs, we can see an error when trying to apply the configuration to create the private DNS zone.

Upon further checking the logging around this error, I don’t see it being received by the Azure platform; there is no request received by Azure Resource Manager (ARM). This is normally the first hop for operations performed in the portal, Azure PowerShell, or any other command methods. This confirms that the operation was not submitted successfully, likely due to incorrect user permissions over the DNS subscription, as we discussed. This behavior is expected if a permissions issue blocks the request. The validation process that Azure uses first checks roles and permissions and will block the request before an actual request is generated towards the resource. As outlined in the Custom Rule setting, these are the actions required over the DNS subscription for your user account. Reference: Protecting private DNS Zones and Records – Azure DNS | Microsoft Learn.
