resource "azurerm_postgresql_flexible_server" "default" {
  name                = "${var.environment}-${var.name}-postgres-server"
  resource_group_name = var.resource_group_name
  location            = var.resource_group_location
  version             = "16"

  # VNet-injected (private access) server
  delegated_subnet_id = var.delegated_subnet_id
  #private_dns_zone_id = var.private_dns_zone_id

  administrator_login    = var.admin_username
  administrator_password = var.admin_password

  zone                  = "2"
  storage_mb            = var.storage_mb
  sku_name              = var.sku_name
  backup_retention_days = 7

  public_network_access_enabled = false

  #depends_on = [var.private_dns_zone_id]
}
Thing is, we used that private DNS resolver. But it is expensive as hell, so I decided just to jam in bind, tell the Azure network to use one more DNS server, and remove that private_dns_zone_id. It seems that cannot be done, not only in Terraform but in Azure at all. I cannot find any document saying whether it can or cannot be done.
So can someone answer? Deleting the zone is out of the question, of course, since that will delete anything that is associated with the Postgres server.
Here there are two scenarios.
To avoid private_dns_zone_id in the azurerm_postgresql_flexible_server deployment, you can go with enabling public access, so that you do not need to use any virtual network injection with a private DNS zone. (Azure itself configures all the DNS-related settings when you use a private DNS zone within Azure services, without any manual intervention.)
Or, on the other side, if you are using any custom DNS like bind: first create a PostgreSQL flexible server without any private DNS zone, and then enable all the settings and configuration for private network injection manually.
In order to integrate a server with a custom DNS server:
As detailed in the MSDoc for integrating a PostgreSQL flexible server with a custom DNS server, you must use a DNS forwarder to resolve the FQDN of Azure Database for PostgreSQL - Flexible Server.
And also, here in MSDoc, it is mentioned that:
"DNS forwarding also enables DNS resolution between virtual networks and allows your on-premises machines to resolve Azure-provided host names."
Note: I would suggest you use a private DNS zone within Azure instead of going with any custom DNS servers. If you still feel it is expensive, try to optimize the costs by disabling or eliminating unnecessary zones, and link multiple Azure resources to a single zone in order to reduce the costs.
Or, if you simply want to go with public access enabled, just set public_network_access_enabled = true without any conflicts.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "postres"
  location = "West Europe"
}

# Public-access server: no delegated_subnet_id, so no private_dns_zone_id is involved.
resource "azurerm_postgresql_flexible_server" "example" {
  name                          = "example-psqlflexibleserver"
  resource_group_name           = azurerm_resource_group.example.name
  location                      = azurerm_resource_group.example.location
  version                       = "12"
  public_network_access_enabled = true
  administrator_login           = "xxxadminj"
  administrator_password        = "xxxx" # placeholder; pass a sensitive variable in real code
  storage_mb                    = 32768
  storage_tier                  = "P30"
  sku_name                      = "GP_Standard_D4s_v3"
}
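The public-access scenario from the answer above, shown here as an added example (not code from the question or the answer) with the controls a practitioner would want around it. With public_network_access_enabled = true the server is reachable from the internet only through its firewall rules, which deny everything until a rule is added; the variable names, the operator address 203.0.113.10, the resource group name and the administrator login are assumptions for illustration.

```hcl
# Added example: public access with a deny-by-default firewall narrowed to
# a single operator address, and TLS pinned so it shows in terraform plan.

variable "admin_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output and state diffs
}

# Assumed: the one client address allowed to reach the server.
variable "allowed_client_ip" {
  type    = string
  default = "203.0.113.10"
}

resource "azurerm_resource_group" "example" {
  name     = "postgres-public-example" # assumed name
  location = "West Europe"
}

resource "azurerm_postgresql_flexible_server" "example" {
  name                          = "example-psqlflexibleserver"
  resource_group_name           = azurerm_resource_group.example.name
  location                      = azurerm_resource_group.example.location
  version                       = "16"
  public_network_access_enabled = true # no VNet injection, so no private_dns_zone_id needed
  administrator_login           = "psqladmin" # assumed
  administrator_password        = var.admin_password
  storage_mb                    = 32768
  sku_name                      = "GP_Standard_D4s_v3"
  backup_retention_days         = 7
}

# Azure rejects every source until a firewall rule allows it.
# start == end admits exactly one address; never use 0.0.0.0-255.255.255.255.
resource "azurerm_postgresql_flexible_server_firewall_rule" "operator" {
  name             = "operator-workstation"
  server_id        = azurerm_postgresql_flexible_server.example.id
  start_ip_address = var.allowed_client_ip
  end_ip_address   = var.allowed_client_ip
}

# require_secure_transport is on by default; managing it explicitly means a
# later "convenience" switch to plaintext becomes a visible plan diff.
resource "azurerm_postgresql_flexible_server_configuration" "tls_only" {
  name      = "require_secure_transport"
  server_id = azurerm_postgresql_flexible_server.example.id
  value     = "on"
}
```

Supply the password out of band (for example TF_VAR_admin_password from a secret store) rather than in a .tfvars file checked into the repository, and add one firewall rule per client network instead of widening the range.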