79729894

Date: 2025-08-08 14:37:20
Score: 3

To your main question:

I try to utilize Azure Resource Graph to get all records from Public DNS zones...Does anybody have an idea which table to query to get the records?

This is not possible through Resource Graph. Public DNS records aren't stored there.

I have a bash script that does this by looping through subscriptions:

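# Walk every subscription, then every public DNS zone in it
az account list --query "[].id" -o tsv | while read -r sub; do
  az network dns zone list --subscription "$sub" --query "[].{rg:resourceGroup, zone:name}" -o tsv | \
  while read -r rg zone; do

    # One TSV row per record value: sub, rg, zone, type, name, value
    for type in A AAAA CNAME MX NS PTR SRV TXT; do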
      case "$type" in
        CNAME)
          az network dns record-set CNAME list \
            --subscription "$sub" -g "$rg" -z "$zone" \
            --query "[].{sub: '$sub', rg: '$rg', zone: '$zone', type: 'CNAME', name: name, records: CNAMERecord.cname}" \
            -o tsv
          ;;
        A)
          az network dns record-set A list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .ARecords[]?.ipv4Address as $ip
            | [$sub, $rg, $zone, "A", .name, $ip] | @tsv
          '
          ;;
        TXT)
          az network dns record-set TXT list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .TXTRecords[]?.value[] as $txt
            | [$sub, $rg, $zone, "TXT", .name, $txt] | @tsv
          '
          ;;
        NS)
          az network dns record-set NS list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .NSRecords[]?.nsdname as $nsd
            | [$sub, $rg, $zone, "NS", .name, $nsd] | @tsv
          '
          ;;
        AAAA)
          az network dns record-set AAAA list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .AAAARecords[]?.ipv6Address as $ip6
            | [$sub, $rg, $zone, "AAAA", .name, $ip6] | @tsv
          '
          ;;
        MX)
          az network dns record-set MX list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .MXRecords[]? as $mx
            | [$sub, $rg, $zone, "MX", .name, "\($mx.preference) \($mx.exchange)"] | @tsv
          '
          ;;
        PTR)
          az network dns record-set PTR list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .PTRRecords[]?.ptrdname as $ptr
            | [$sub, $rg, $zone, "PTR", .name, $ptr] | @tsv
          '
          ;;
        SRV)
          az network dns record-set SRV list \
            --subscription "$sub" -g "$rg" -z "$zone" -o json | \
          jq -r --arg sub "$sub" --arg zone "$zone" --arg rg "$rg" '
            .[] | .SRVRecords[]? as $srv
            | [$sub, $rg, $zone, "SRV", .name, "\($srv.priority) \($srv.weight) \($srv.port) \($srv.target)"] | @tsv
          '
          ;;
        *)
          echo "Skipping unknown record type: $type" >&2
          ;;
      esac
    done

  done
done
Reasons:
  • RegEx Blacklisted phrase (3): Does anybody have an idea
  • Long answer (-1):
  • Has code block (-0.5):
  • Contains question mark (0.5):
  • Low reputation (1):
Posted by: Kevin Stevens
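
A follow-on check for the six-column TSV the script above prints, added here as an example and not part of the original answer: it lists CNAME records whose target sits under an Azure-managed suffix, so each one can be checked against a resource that still exists. The suffix list (non-exhaustive), the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer.
# Input columns (tab-separated): sub, rg, zone, type, name, value
# SUFFIXES is an assumed, non-exhaustive list; adjust it to the services in use.
SUFFIXES="azurewebsites.net cloudapp.azure.com cloudapp.net trafficmanager.net blob.core.windows.net azureedge.net azurefd.net azure-api.net"

# Reads inventory rows on stdin.
# Prints "fqdn<TAB>target<TAB>sub<TAB>rg" for each CNAME under a listed suffix.
azure_cnames() {
  awk -F '\t' -v suffixes="$SUFFIXES" '
    BEGIN { n = split(suffixes, suf, " "); OFS = "\t" }
    $4 == "CNAME" {
      target = tolower($6)
      sub(/\.$/, "", target)                       # drop a trailing root dot
      fqdn = ($5 == "@") ? $3 : ($5 "." $3)        # "@" means the zone apex
      for (i = 1; i <= n; i++) {
        s = "." suf[i]                             # match on a label boundary only
        if (length(target) > length(s) &&
            substr(target, length(target) - length(s) + 1) == s) {
          print fqdn, target, $1, $2
          break
        }
      }
    }'
}

# Constructed sample rows in the same layout as the inventory script output.
sample_inventory() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    sub-1 rg-dns example.com CNAME shop contoso-shop.azurewebsites.net \
    sub-1 rg-dns example.com CNAME docs docs.example.org \
    sub-1 rg-dns example.com A     www  203.0.113.10 \
    sub-2 rg-net example.net CNAME cdn  Assets.AzureEdge.net. \
    sub-2 rg-net example.net CNAME trap notazurewebsites.net
}

# Demo on the constructed rows; in practice pipe the inventory script into azure_cnames.
sample_inventory | azure_cnames
```

The suffix comparison is a literal string match anchored on a leading dot, so a look-alike such as `notazurewebsites.net` is not reported.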