Document Details

Dns Traffic Log How To
Home / Scan 48 / Dns Traffic Log How To
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ powershell_heavy
⚠️ windows_first
⚠️ missing_linux_example
⚠️ windows_tools
Summary:
The documentation demonstrates a strong Windows bias. All command-line automation and scripting examples are provided exclusively in PowerShell, with no Bash, Azure CLI, or Linux-native alternatives. The only non-portal automation path is via PowerShell, and all command-line DNS query examples use Windows paths (e.g., C:\>) and Windows-native tools (Resolve-DnsName). There are no Linux shell or Azure CLI examples for creating or managing DNS security policies, nor are there instructions for running equivalent DNS queries from Linux environments.
Recommendations:
  • Add Azure CLI examples for all resource creation, configuration, and management steps, alongside or in place of PowerShell.
  • Provide Bash shell command examples for DNS queries (e.g., using dig or host) from a Linux VM, including sample output.
  • When showing command-line DNS queries, use generic prompts (e.g., $ or #) or show both Windows (C:\>) and Linux ($) examples.
  • Document how to install and use the Azure CLI on Linux for DNS resolver and policy management.
  • Explicitly mention Linux support and provide parity in instructions, screenshots, and troubleshooting steps.
  • If certain features are only available via PowerShell, clearly state this and provide a roadmap or alternatives for Linux users.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-08-17 00:01 #83 in_progress ✅ Clean
2025-07-13 21:37 #48 completed ❌ Biased
2025-07-09 13:09 #3 cancelled ✅ Clean
2025-07-08 04:23 #2 cancelled ❌ Biased

Flagged Code Snippets

C:\>dig db.sec.contoso.com +short 10.0.1.2
################################ # Update DNS security policy ################################ Write-Host "Updating DNS resolver policy" $resolverPolicy = Update-AzDnsResolverPolicy -ResourceGroupName $resourceGroupName -Name $resolverPolicyName -Tag @{"key0" = "value0"} Write-Host $resolverPolicy.ToJsonString() Write-Host "Updating DNS resolver policy virtual network link" $link = Update-AzDnsResolverPolicyVirtualNetworkLink -ResourceGroupName $resourceGroupName -DnsResolverPolicyName $resolverPolicyName -Name $resolverPolicyLinkName -Tag @{"key1" = "value1"} Write-Host $link.ToJsonString() $log = New-AzDiagnosticSettingLogSettingsObject -Enabled $false -Category DnsResponse Write-Host "Updating diagnostic setting by disabling log category" $diagnosticSetting = New-AzDiagnosticSetting -Name $diagnosticSettingName -ResourceId $resolverPolicy.id -Log $log -StorageAccountId $storageAccount.id Write-Host $diagnosticSetting.ToJsonString() Write-Host "Updating domain list" $domainList = Update-AzDnsResolverDomainList -ResourceGroupName $resourceGroupName -Name $domainListName -Tag @{"key2" = "value2"} Write-Host $domainList.ToJsonString() Write-Host "Updating DNS security policy rule" $rule = Update-AzDnsResolverPolicyDnsSecurityRule -ResourceGroupName $resourceGroupName -Name $securityRuleName -DnsResolverDomainList @{id = $domainList.Id;} -DnsResolverPolicyName $resolverPolicyName Write-Host $rule.ToJsonString()
################################ # Get DNS security policy ################################ Write-Host "Getting DNS resolver policy" $resolverPolicy = Get-AzDnsResolverPolicy -ResourceGroupName $resourceGroupName -Name $resolverPolicyName Write-Host $resolverPolicy.ToJsonString() Write-Host "Getting DNS resolver policy virtual network link" $link = Get-AzDnsResolverPolicyVirtualNetworkLink -ResourceGroupName $resourceGroupName -DnsResolverPolicyName $resolverPolicyName -Name $resolverPolicyLinkName Write-Host $link.ToJsonString() Write-Host "Getting diagnostic setting" $diagnosticSetting = Get-AzDiagnosticSetting -ResourceId $resolverPolicy.id Write-Host $diagnosticSetting.ToJsonString() Write-Host "Getting domain list" $domainList = Get-AzDnsResolverDomainList -ResourceGroupName $resourceGroupName -Name $domainListName Write-Host $rule.ToJsonString() Write-Host "Getting DNS security policy rule" $rule = Get-AzDnsResolverPolicyDnsSecurityRule -ResourceGroupName $resourceGroupName -Name $securityRuleName -DnsResolverPolicyName $resolverPolicyName Write-Host $rule.ToJsonString()
Resolve-DnsName -Name contoso.com -Type NS
# Register the repository Register-PSRepository -Name LocalPSRepo -SourceLocation 'C:\bin\PSRepo' -ScriptSourceLocation 'C:\bin\PSRepo' -InstallationPolicy Trusted # Install the Az.DnsResolver module Install-Module -Name Az.DnsResolver -RequiredVersion 0.2.6 -SkipPublisherCheck # If you already installed Az.DnsResolver, update your version to 0.2.6 Update-Module -Name Az.DnsResolver # Confirm that the Az.DnsResolver module was installed properly Get-InstalledModule -Name Az.DnsResolver
$ErrorActionPreference = "Stop" ################################################################ # Configure resource names and locations ################################################################ $resourceNumber = 1 # Customize this if needed $region = "centralus" # Change this region to your preference if ($env:username) {$name = "$($env:username)"} else {$name = "$($env:USER)"} # The environment variable is different in Cloud Shell vs local PowerShell $nameSuffix = "test-$($region)-$($name)-resolverpolicytest$($resourceNumber)-test" $resourceGroupName = "rg-$($nameSuffix)" $virtualNetworkName = "vnet-$($nameSuffix)" $resolverPolicyName = "dnsresolverpolicy-$($nameSuffix)" $domainListName = "domainlist-$($nameSuffix)" $securityRuleName = "securityrule-$($nameSuffix)" $resolverPolicyLinkName = "dnsresolverpolicylink" $storageAccountName = "stor$($name.ToLower())" # Customize this, taking care that the name is not too long $storageAccountName = $storageAccountName.Substring(0, [Math]::Min(24, $storageAccountName.Length)) # Storage account names must be 3-24 characters long $diagnosticSettingName = "diagnosticsetting-$($nameSuffix)" $vnetId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Network/virtualNetworks/$virtualNetworkName" ################################################################ # Create resource group, virtual network, and storage account ################################################################ Write-Host "Creating resource group" $rg = New-AzResourceGroup -Name $resourceGroupName -Location $region Write-Host ($rg | ConvertTo-Json -Depth 64) Write-Host "Creating virtual network" $defaultSubnet = New-AzVirtualNetworkSubnetConfig -Name "default" -AddressPrefix "10.$resourceNumber.0.0/24" $vnet = New-AzVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $resourceGroupName -Location $region -AddressPrefix "10.$resourceNumber.0.0/16" -Subnet $defaultSubnet Write-Host ($vnet | ConvertTo-Json -Depth 64) Write-Host "Creating storage account" $storageAccount = New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -Location $region -SkuName Standard_GRS Write-Host $storageAccount.ToString() ################################ # Create DNS security policy ################################ Write-Host "Creating DNS resolver policy" $resolverPolicy = New-AzDnsResolverPolicy -Location $region -ResourceGroupName $resourceGroupName -Name $resolverPolicyName Write-Host $resolverPolicy.ToJsonString() Write-Host "Creating DNS resolver policy virtual network link" $link = New-AzDnsResolverPolicyVirtualNetworkLink -Location $region -ResourceGroupName $resourceGroupName -DnsResolverPolicyName $resolverPolicyName -Name $resolverPolicyLinkName -VirtualNetworkId $vnetId Write-Host $link.ToJsonString() $log = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category DnsResponse Write-Host "Creating diagnostic setting" $diagnosticSetting = New-AzDiagnosticSetting -Name $diagnosticSettingName -ResourceId $resolverPolicy.id -Log $log -StorageAccountId $storageAccount.id Write-Host $diagnosticSetting.ToJsonString() Write-Host "Creating domain list" $domainList = New-AzDnsResolverDomainList -Location $region -ResourceGroupName $resourceGroupName -Name $domainListName -Domain @("contoso.com.", "adatum.com.") Write-Host $domainList.ToJsonString() Write-Host "Creating DNS security policy rule" $rule = New-AzDnsResolverPolicyDnsSecurityRule -ResourceGroupName $resourceGroupName -Name $securityRuleName -DnsResolverDomainList @{id = $domainList.Id;} -DnsSecurityRuleState "Enabled" -ActionType "Block" -ActionBlockResponseCode "SERVFAIL" -Priority 100 -DnsResolverPolicyName $resolverPolicyName -Location $region Write-Host $rule.ToJsonString()