diff --git a/examples/private_dns_zones.tfvars b/examples/private_dns_zones.tfvars
new file mode 100644
index 00000000..07744f46
--- /dev/null
+++ b/examples/private_dns_zones.tfvars
@@ -0,0 +1,44 @@
+private_dns_zones = {
+ storage_account_blob = {
+ resource_kind = "storage_blob"
+ resource_group_ref = "rg_test"
+ vnet_ref = ["vnet_test", "vnet_test2"]
+ }
+}
+
+
+
+# pre-requisites
+resource_groups = {
+ rg_test = {
+ name = "rg-test-dv-ne-01"
+ location = "northeurope"
+ }
+}
+
+virtual_networks = {
+ vnet_test = {
+ name = "vnet-test-dv-ne-01"
+ resource_group_ref = "rg_test"
+ cidr = ["10.0.0.0/16"]
+ subnets = {
+ snet_app = {
+ name = "snet-app"
+ cidr = ["10.0.0.128/25"]
+ service_endpoints = ["Microsoft.Storage"]
+ }
+ }
+ }
+ vnet_test2 = {
+ name = "vnet-test-dv-ne-02"
+ resource_group_ref = "rg_test"
+ cidr = ["10.1.0.0/16"]
+ subnets = {
+ snet_app_02 = {
+ name = "snet-app"
+ cidr = ["10.1.0.128/25"]
+ service_endpoints = ["Microsoft.Storage"]
+ }
+ }
+ }
+}
diff --git a/src/_variables.resources.tf b/src/_variables.resources.tf
index e3876f54..51727857 100644
--- a/src/_variables.resources.tf
+++ b/src/_variables.resources.tf
@@ -15,3 +15,5 @@ variable "public_ips" { default = {} } variable "keyvaults" { default = {} } variable "storage_accounts" { default = {} }
+
+variable "private_dns_zones" { default = {} }
diff --git a/src/modules/_networking/private_dns_zone/_locals.tf b/src/modules/_networking/private_dns_zone/_locals.tf
new file mode 100644
index 00000000..53c86680
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_locals.tf
@@ -0,0 +1,29 @@
+locals {
+ resource_group = var.resources.resource_groups[var.settings.resource_group_ref]
+
+ resource_group_name = local.resource_group.name
+ location = local.resource_group.location
+ tags = merge(
+ var.global_settings.tags,
+ var.global_settings.inherit_resource_group_tags ? local.resource_group.tags : {},
+ try(var.settings.tags, {})
+ )
+ vnet_ids = {
+ for vnet in var.settings.vnet_ref :
+ vnet => {
+ name = var.resources.virtual_networks[vnet].name
+ id = var.resources.virtual_networks[vnet].id
+ }
+ }
+}
+locals {
+ # local object used to map possible private dns zoone names
+ zone_names = {
+ "storage_blob" = "privatelink.blob.core.windows.net"
+ "storage_tables" = "privatelink.table.core.windows.net"
+ "storage_queues" = "privatelink.queue.core.windows.net"
+ "storage_files" = "privatelink.file.core.windows.net"
+ "function_apps" = "privatelink.azurewebsites.net"
+ "keyvaults" = "privatelink.vaultcore.azure.net"
+ }
+}
diff --git a/src/modules/_networking/private_dns_zone/_outputs.tf b/src/modules/_networking/private_dns_zone/_outputs.tf
new file mode 100644
index 00000000..0d4f3d12
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_outputs.tf
@@ -0,0 +1,3 @@
+output "id" {
+ value = azurerm_private_dns_zone.main.id
+}
diff --git a/src/modules/_networking/private_dns_zone/_variables.tf b/src/modules/_networking/private_dns_zone/_variables.tf
new file mode 100644
index 00000000..4ee12d7c
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/_variables.tf
@@ -0,0 +1,15 @@
+variable "global_settings" {
+ description = "Global settings for tinycaf"
+}
+
+variable "settings" {
+ description = "All the configuration for this resource"
+}
+
+variable "resources" {
+ type = object({
+ resource_groups = map(any)
+ virtual_networks = map(any)
+ })
+ description = "All required resources"
+}
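Review bot: `vnet_ids` iterates `var.settings.vnet_ref` with no guard, so a zone entry that omits `vnet_ref` (a zone created before any VNet is ready to link) fails evaluation, while the `tags` expression a few lines above tolerates a missing key with `try()`; the same tolerance here is `for vnet in try(var.settings.vnet_ref, []) :`. The `zone_names` comment has a typo, `zoone` → `zone`, and that comment should also say the suffixes are the Azure public-cloud ones, since sovereign clouds use different `privatelink.*` suffixes and a `resource_kind` lookup there would create a zone that never receives the private-endpoint CNAME chain. An unknown `resource_kind` is not detected in this map itself; it is only handled by the fallback in the zone resource, which lives in another file of this commit.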
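Review bot: `settings` is untyped and its description does not say which keys the module reads, yet `_locals.tf` and the zone resource depend on `resource_group_ref`, `vnet_ref`, `resource_kind`, and the optional `name` and `tags`. Listing them in the description, e.g. `description = "Zone settings: resource_group_ref (required), vnet_ref (keys of virtual_networks to link), resource_kind (key of the built-in zone-name map) or name (explicit zone name), tags (optional)"`, lets a caller discover the contract without reading the module body. `global_settings` is likewise read for `tags` and `inherit_resource_group_tags` in `_locals.tf`; naming those two keys in its description would help as well.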
diff --git a/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
new file mode 100644
index 00000000..08444fe8
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/private_dns_vnet_link.tf
@@ -0,0 +1,7 @@
+resource "azurerm_private_dns_zone_virtual_network_link" "main" {
+ for_each = local.vnet_ids
+ name = "${each.value.name}-${azurerm_private_dns_zone.main.name}-link"
+ private_dns_zone_name = azurerm_private_dns_zone.main.name
+ resource_group_name = azurerm_private_dns_zone.main.resource_group_name
+ virtual_network_id = each.value.id
+}
diff --git a/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
new file mode 100644
index 00000000..69fc0fb5
--- /dev/null
+++ b/src/modules/_networking/private_dns_zone/private_dns_zone_group.tf
@@ -0,0 +1,5 @@
+resource "azurerm_private_dns_zone" "main" {
+ name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
+ resource_group_name = local.resource_group_name
+ tags = try(local.tags, null)
+}
diff --git a/src/networking.tf b/src/networking.tf
index 32e893b8..c4b9ff86 100644
--- a/src/networking.tf
+++ b/src/networking.tf
@@ -59,3 +59,15 @@ module "local_network_gateways" {
 resource_groups = module.resource_groups
 }
 }
+
+module "private_dns_zones" {
+ source = "./modules/_networking/private_dns_zone"
+ for_each = var.private_dns_zones
+
+ global_settings = var.global_settings
+ settings = each.value
+ resources = {
+ resource_groups = module.resource_groups
+ virtual_networks = module.virtual_networks
+ }
+}
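Review bot: `registration_enabled` is left at the provider default on the link resource; for a `privatelink.*` zone, auto-registration of VM records would be wrong, so stating it explicitly, `registration_enabled = false # privatelink zones must not auto-register VM records`, documents the intent and pins the behaviour independently of the provider default. The link `name` concatenates the VNet name with the full zone name, and the longer zone names in `_locals.tf` leave little headroom under Azure's length limit for link names, so a long VNet name may fail at apply time; truncating or hashing the VNet part would make the name predictable in length. Because `for_each` is keyed by `vnet_ref`, removing an entry from that list destroys the corresponding link on the next apply, which is presumably intended but deserves a one-line comment on the `for_each` line.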
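Review bot: `name = try(local.zone_names[var.settings.resource_kind], var.settings.name)` turns a misspelt `resource_kind` into a silent fall-through to `var.settings.name`, and when `name` is also absent the failure is a generic `try()` error with no hint that the kind is unknown; a lifecycle precondition (if the project's Terraform version supports it) gives a targeted message and keeps the explicit-name fallback for genuinely custom zones. The file is also named `private_dns_zone_group.tf` but declares the zone itself (`azurerm_private_dns_zone`), not a private endpoint's DNS zone group; `private_dns_zone.tf` would match the sibling `private_dns_vnet_link.tf`. The `try(local.tags, null)` on the tags line is worth a short comment saying which failure it is guarding against, since `local.tags` is always defined in `_locals.tf`.
```terraform
resource "azurerm_private_dns_zone" "main" {
  name = try(local.zone_names[var.settings.resource_kind], var.settings.name)
  # … unchanged: resource_group_name, tags …

  lifecycle {
    precondition {
      # Either a known resource_kind or an explicit zone name must be given;
      # otherwise the try() above fails with an unhelpful message.
      condition     = can(local.zone_names[var.settings.resource_kind]) || can(var.settings.name)
      error_message = "private_dns_zone: resource_kind is not a known zone kind and settings.name is not set."
    }
  }
}
```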