################################
# Update DNS security policy
#
# Re-tags the resolver policy, its virtual network link and the domain
# list, switches the DnsResponse log category off, and re-applies the
# domain list to the security rule. Each result is echoed as JSON.
################################

Write-Host "Updating DNS resolver policy"
$policyUpdate = @{
    ResourceGroupName = $resourceGroupName
    Name              = $resolverPolicyName
    Tag               = @{ "key0" = "value0" }
}
$resolverPolicy = Update-AzDnsResolverPolicy @policyUpdate
Write-Host $resolverPolicy.ToJsonString()

Write-Host "Updating DNS resolver policy virtual network link"
$linkUpdate = @{
    ResourceGroupName     = $resourceGroupName
    DnsResolverPolicyName = $resolverPolicyName
    Name                  = $resolverPolicyLinkName
    Tag                   = @{ "key1" = "value1" }
}
$link = Update-AzDnsResolverPolicyVirtualNetworkLink @linkUpdate
Write-Host $link.ToJsonString()

# The diagnostic setting is issued again under the same name, this time with
# the DnsResponse category disabled. While it is disabled this setting no
# longer collects that category, so re-enable it (-Enabled $true) when DNS
# logs are needed for monitoring or investigation.
$log = New-AzDiagnosticSettingLogSettingsObject -Enabled $false -Category DnsResponse
Write-Host "Updating diagnostic setting by disabling log category"
$diagnosticUpdate = @{
    Name             = $diagnosticSettingName
    ResourceId       = $resolverPolicy.id
    Log              = $log
    StorageAccountId = $storageAccount.id
}
$diagnosticSetting = New-AzDiagnosticSetting @diagnosticUpdate
Write-Host $diagnosticSetting.ToJsonString()

Write-Host "Updating domain list"
$domainListUpdate = @{
    ResourceGroupName = $resourceGroupName
    Name              = $domainListName
    Tag               = @{ "key2" = "value2" }
}
$domainList = Update-AzDnsResolverDomainList @domainListUpdate
Write-Host $domainList.ToJsonString()

Write-Host "Updating DNS security policy rule"
$ruleUpdate = @{
    ResourceGroupName     = $resourceGroupName
    Name                  = $securityRuleName
    DnsResolverDomainList = @{ id = $domainList.Id }
    DnsResolverPolicyName = $resolverPolicyName
}
$rule = Update-AzDnsResolverPolicyDnsSecurityRule @ruleUpdate
Write-Host $rule.ToJsonString()
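################################
# Get DNS security policy
#
# Reads back each resource (resolver policy, virtual network link,
# diagnostic setting, domain list, security rule) and prints it as JSON
# so the current configuration can be reviewed.
################################
Write-Host "Getting DNS resolver policy"
$resolverPolicy = Get-AzDnsResolverPolicy -ResourceGroupName $resourceGroupName -Name $resolverPolicyName
Write-Host $resolverPolicy.ToJsonString()
Write-Host "Getting DNS resolver policy virtual network link"
$link = Get-AzDnsResolverPolicyVirtualNetworkLink -ResourceGroupName $resourceGroupName -DnsResolverPolicyName $resolverPolicyName -Name $resolverPolicyLinkName
Write-Host $link.ToJsonString()
Write-Host "Getting diagnostic setting"
# The diagnostic setting is looked up by the resource ID of the policy fetched above.
$diagnosticSetting = Get-AzDiagnosticSetting -ResourceId $resolverPolicy.id
Write-Host $diagnosticSetting.ToJsonString()
Write-Host "Getting domain list"
$domainList = Get-AzDnsResolverDomainList -ResourceGroupName $resourceGroupName -Name $domainListName
# Print the domain list that was just fetched. The original printed $rule here,
# which showed a stale rule object (or failed when $rule was not yet set).
Write-Host $domainList.ToJsonString()
Write-Host "Getting DNS security policy rule"
$rule = Get-AzDnsResolverPolicyDnsSecurityRule -ResourceGroupName $resourceGroupName -Name $securityRuleName -DnsResolverPolicyName $resolverPolicyName
Write-Host $rule.ToJsonString()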
# Verification query: request the NS records for contoso.com, one of the domains on the
# block list in this page's script. With the security rule (Block / SERVFAIL) in effect,
# the lookup is expected to fail with a DNS server failure.
# NOTE(review): presumably run from a machine in the linked virtual network; confirm.
Resolve-DnsName -Name contoso.com -Type NS
C:\>dig db.sec.contoso.com +short
10.0.1.2

C:\>dig db.sec.contoso.com

; <<>> DiG 9.9.2-P1 <<>> db.sec.contoso.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24053
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
# Register the repository
# NOTE(review): -InstallationPolicy Trusted suppresses the untrusted-repository prompt for
# anything installed from this source, so make sure the packages copied into C:\bin\PSRepo
# were obtained from a source you trust and have not been modified.
Register-PSRepository -Name LocalPSRepo -SourceLocation 'C:\bin\PSRepo' -ScriptSourceLocation 'C:\bin\PSRepo' -InstallationPolicy Trusted
# Install the Az.DnsResolver module
# NOTE(review): -SkipPublisherCheck bypasses Install-Module's publisher validation, so
# nothing checks who published the package; verify its origin before installing.
# No -Repository is given, so the install is not restricted to LocalPSRepo; adding
# "-Repository LocalPSRepo" would pin the source, if that is the intent (confirm).
Install-Module -Name Az.DnsResolver -RequiredVersion 0.2.6 -SkipPublisherCheck
# If you already installed Az.DnsResolver, update your version to 0.2.6
# NOTE(review): as written this command carries no -RequiredVersion, so it moves to the
# newest version available rather than specifically to 0.2.6.
Update-Module -Name Az.DnsResolver
# Confirm that the Az.DnsResolver module was installed properly
# (check that the version listed is the one you expect)
Get-InstalledModule -Name Az.DnsResolver
# Connect PowerShell to Azure cloud
Connect-AzAccount -Environment AzureCloud
# Set your default subscription
# Replace <your-sub-id> with your subscription ID before running this line.
Select-AzSubscription -SubscriptionObject (Get-AzSubscription -SubscriptionId <your-sub-id>)
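# Treat every cmdlet error as terminating so the script stops at the first failure
# instead of carrying on with partially created resources.
$ErrorActionPreference = "Stop"
################################################################
# Configure resource names and locations
#
# Every resource name is derived from the region, the current user
# name and $resourceNumber, so repeated runs by different users or
# with a different number do not collide.
################################################################
$resourceNumber = 1 # Customize this if needed
$region = "centralus" # Change this region to your preference
if ($env:username) {$name = "$($env:username)"} else {$name = "$($env:USER)"} # The environment variable is different in Cloud Shell vs local PowerShell
$nameSuffix = "test-$($region)-$($name)-resolverpolicytest$($resourceNumber)-test"
$resourceGroupName = "rg-$($nameSuffix)"
$virtualNetworkName = "vnet-$($nameSuffix)"
$resolverPolicyName = "dnsresolverpolicy-$($nameSuffix)"
$domainListName = "domainlist-$($nameSuffix)"
$securityRuleName = "securityrule-$($nameSuffix)"
$resolverPolicyLinkName = "dnsresolverpolicylink"
$storageAccountName = "stor$($name.ToLower())" # Customize this, taking care that the name is not too long
# Storage account names accept only lowercase letters and digits; drop anything else
# a user name may contain (dots, hyphens, underscores, ...).
$storageAccountName = $storageAccountName -replace '[^a-z0-9]', ''
$storageAccountName = $storageAccountName.Substring(0, [Math]::Min(24, $storageAccountName.Length)) # Storage account names must be 3-24 characters long
$diagnosticSettingName = "diagnosticsetting-$($nameSuffix)"
# $subscriptionId is not assigned anywhere in this script. When the caller has not set it,
# take it from the current Az context; an empty value would silently build a malformed
# resource ID ("/subscriptions//resourceGroups/...") for the virtual network link.
if (-not $subscriptionId) { $subscriptionId = (Get-AzContext).Subscription.Id }
if (-not $subscriptionId) { throw "No subscription ID available: set `$subscriptionId or select a subscription (Connect-AzAccount / Select-AzSubscription) first." }
$vnetId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Network/virtualNetworks/$virtualNetworkName"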
################################################################
# Create resource group, virtual network, and storage account
#
# The virtual network uses 10.<resourceNumber>.0.0/16 with one
# "default" /24 subnet. The storage account is the destination
# the script later hands to the diagnostic setting.
################################################################

Write-Host "Creating resource group"
$rg = New-AzResourceGroup -Name $resourceGroupName -Location $region
Write-Host ($rg | ConvertTo-Json -Depth 64)

Write-Host "Creating virtual network"
$subnetSettings = @{
    Name          = "default"
    AddressPrefix = "10.$resourceNumber.0.0/24"
}
$defaultSubnet = New-AzVirtualNetworkSubnetConfig @subnetSettings
$vnetSettings = @{
    Name              = $virtualNetworkName
    ResourceGroupName = $resourceGroupName
    Location          = $region
    AddressPrefix     = "10.$resourceNumber.0.0/16"
    Subnet            = $defaultSubnet
}
$vnet = New-AzVirtualNetwork @vnetSettings
Write-Host ($vnet | ConvertTo-Json -Depth 64)

Write-Host "Creating storage account"
# NOTE(review): this account receives the DNS diagnostic logs. It is created with the
# cmdlet's defaults apart from the SKU; review its network access, public access and
# TLS settings against your own baseline before keeping real logs in it.
$storageSettings = @{
    ResourceGroupName = $resourceGroupName
    Name              = $storageAccountName
    Location          = $region
    SkuName           = 'Standard_GRS'
}
$storageAccount = New-AzStorageAccount @storageSettings
Write-Host $storageAccount.ToString()
################################
# Create DNS security policy
#
# Builds, in order: the resolver policy, its link to the virtual
# network, a diagnostic setting that sends the DnsResponse category
# to the storage account, a domain list, and a rule that blocks the
# listed domains with SERVFAIL. Each result is echoed as JSON.
################################

Write-Host "Creating DNS resolver policy"
$policySettings = @{
    Location          = $region
    ResourceGroupName = $resourceGroupName
    Name              = $resolverPolicyName
}
$resolverPolicy = New-AzDnsResolverPolicy @policySettings
Write-Host $resolverPolicy.ToJsonString()

Write-Host "Creating DNS resolver policy virtual network link"
$linkSettings = @{
    Location              = $region
    ResourceGroupName     = $resourceGroupName
    DnsResolverPolicyName = $resolverPolicyName
    Name                  = $resolverPolicyLinkName
    VirtualNetworkId      = $vnetId
}
$link = New-AzDnsResolverPolicyVirtualNetworkLink @linkSettings
Write-Host $link.ToJsonString()

# Enable the DnsResponse log category and route it to the storage account.
$log = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category DnsResponse
Write-Host "Creating diagnostic setting"
$diagnosticSettings = @{
    Name             = $diagnosticSettingName
    ResourceId       = $resolverPolicy.id
    Log              = $log
    StorageAccountId = $storageAccount.id
}
$diagnosticSetting = New-AzDiagnosticSetting @diagnosticSettings
Write-Host $diagnosticSetting.ToJsonString()

Write-Host "Creating domain list"
# Domains are written with a trailing dot.
$domainListSettings = @{
    Location          = $region
    ResourceGroupName = $resourceGroupName
    Name              = $domainListName
    Domain            = @("contoso.com.", "adatum.com.")
}
$domainList = New-AzDnsResolverDomainList @domainListSettings
Write-Host $domainList.ToJsonString()

Write-Host "Creating DNS security policy rule"
# Enabled rule, priority 100: queries matching the domain list are blocked and
# answered with SERVFAIL.
$ruleSettings = @{
    ResourceGroupName       = $resourceGroupName
    Name                    = $securityRuleName
    DnsResolverDomainList   = @{ id = $domainList.Id }
    DnsSecurityRuleState    = "Enabled"
    ActionType              = "Block"
    ActionBlockResponseCode = "SERVFAIL"
    Priority                = 100
    DnsResolverPolicyName   = $resolverPolicyName
    Location                = $region
}
$rule = New-AzDnsResolverPolicyDnsSecurityRule @ruleSettings
Write-Host $rule.ToJsonString()
Resolve-DnsName : contoso.com : DNS server failure
At line:1 char:1
+ Resolve-DnsName -Name contoso.com -Type NS
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (contoso.com:String) [Resolve-DnsName], Win32Exception
+ FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName