az dns-resolver policy dns-security-rule

Note

This reference is part of the dns-resolver extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az dns-resolver policy dns-security-rule command. Learn more about extensions.

Manage DNS security rules.

Commands

| Name | Description | Type | Status |
| --- | --- | --- | --- |
| az dns-resolver policy dns-security-rule create | Create a DNS security rule for a DNS resolver policy. | Extension | GA |
| az dns-resolver policy dns-security-rule delete | Delete a DNS security rule for a DNS resolver policy. WARNING: This operation cannot be undone. | Extension | GA |
| az dns-resolver policy dns-security-rule list | List DNS security rules for a DNS resolver policy. | Extension | GA |
| az dns-resolver policy dns-security-rule show | Get properties of a DNS security rule for a DNS resolver policy. | Extension | GA |
| az dns-resolver policy dns-security-rule update | Update a DNS security rule for a DNS resolver policy. | Extension | GA |
| az dns-resolver policy dns-security-rule wait | Place the CLI in a waiting state until a condition is met. | Extension | GA |

az dns-resolver policy dns-security-rule create

Create a DNS security rule for a DNS resolver policy.

az dns-resolver policy dns-security-rule create --action
                                                --dns-security-rule-name
                                                --domain-lists
                                                --policy-name
                                                --priority
                                                --resource-group
                                                [--if-match]
                                                [--if-none-match]
                                                [--location]
                                                [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                [--rule-state {Disabled, Enabled}]
                                                [--tags]

Examples

Upsert DNS security rule

az dns-resolver policy dns-security-rule create --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRule --location westus2 --tags "{key1:value1}" --priority 100 --action "{action-type:Block,block-response-code:SERVFAIL}" --domain-lists "[{id:/subscriptions/abdd4249-9f34-4cc6-8e42-c2e32110603e/resourceGroups/sampleResourceGroup/providers/Microsoft.Network/dnsResolverDomainLists/sampleDnsResolverDomainList}]" --rule-state Enabled

Required Parameters

--action

The action to take on DNS requests that match the DNS security rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns-security-rule-name --name -n

The name of the DNS security rule.

--domain-lists

DNS resolver policy domain lists that the DNS security rule applies to. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--policy-name

The name of the DNS resolver policy.

--priority

The priority of the DNS security rule.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--if-match

ETag of the resource. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting any concurrent changes.

--if-none-match

Set to '*' to allow a new resource to be created, but to prevent updating an existing resource. Other values will be ignored.

--location -l

The geo-location where the resource lives. When not specified, the location of the resource group will be used.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--rule-state

The state of the DNS security rule.

Accepted values: Disabled, Enabled

--tags

Resource tags. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dns-resolver policy dns-security-rule delete

Delete a DNS security rule for a DNS resolver policy. WARNING: This operation cannot be undone.

az dns-resolver policy dns-security-rule delete [--dns-security-rule-name]
                                                [--ids]
                                                [--if-match]
                                                [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                [--policy-name]
                                                [--resource-group]
                                                [--subscription]
                                                [--yes]

Examples

Delete DNS security rule for DNS resolver policy

az dns-resolver policy dns-security-rule delete --resource-group sampleResourceGroup --policy-name sampleDnsDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRule

Optional Parameters

--dns-security-rule-name --name -n

The name of the DNS security rule.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--if-match

ETag of the resource. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting any concurrent changes.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the DNS resolver policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dns-resolver policy dns-security-rule list

List DNS security rules for a DNS resolver policy.

az dns-resolver policy dns-security-rule list --policy-name
                                              --resource-group
                                              [--max-items]
                                              [--next-token]
                                              [--top]

Examples

List DNS security rules by DNS resolver policy

az dns-resolver policy dns-security-rule list --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy

Required Parameters

--policy-name

The name of the DNS resolver policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

--top

The maximum number of results to return. If not specified, returns up to 100 results.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dns-resolver policy dns-security-rule show

Get properties of a DNS security rule for a DNS resolver policy.

az dns-resolver policy dns-security-rule show [--dns-security-rule-name]
                                              [--ids]
                                              [--policy-name]
                                              [--resource-group]
                                              [--subscription]

Examples

Retrieve DNS security rule for DNS resolver policy

az dns-resolver policy dns-security-rule show --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRule

Optional Parameters

--dns-security-rule-name --name -n

The name of the DNS security rule.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--policy-name

The name of the DNS resolver policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az dns-resolver policy dns-security-rule update

Update a DNS security rule for a DNS resolver policy.

az dns-resolver policy dns-security-rule update [--action]
                                                [--add]
                                                [--dns-security-rule-name]
                                                [--domain-lists]
                                                [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                [--ids]
                                                [--if-match]
                                                [--if-none-match]
                                                [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                [--policy-name]
                                                [--priority]
                                                [--remove]
                                                [--resource-group]
                                                [--rule-state {Disabled, Enabled}]
                                                [--set]
                                                [--subscription]
                                                [--tags]

Examples

Update a DNS security rule

az dns-resolver policy dns-security-rule update --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRule --tags "{key2:value2}" --priority 100 --action "{action-type:Block,block-response-code:SERVFAIL}" --domain-lists "[{id:/subscriptions/abdd4249-9f34-4cc6-8e42-c2e32110603e/resourceGroups/sampleResourceGroup/providers/Microsoft.Network/dnsResolverDomainLists/sampleDnsResolverDomainList}]" --rule-state Disabled

Optional Parameters

--action

The action to take on DNS requests that match the DNS security rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--dns-security-rule-name --name -n

The name of the DNS security rule.

--domain-lists

DNS resolver policy domain lists that the DNS security rule applies to. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--if-match

ETag of the resource. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting any concurrent changes.

--if-none-match

Set to '*' to allow a new resource to be created, but to prevent updating an existing resource. Other values will be ignored.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the DNS resolver policy.

--priority

The priority of the DNS security rule.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-state

The state of the DNS security rule.

Accepted values: Disabled, Enabled

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Resource tags. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.
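
The --if-match and --if-none-match parameters of create and update, described above, can be used to keep an automated rule change from overwriting a concurrent edit. The following shell functions are an added example, not part of the Azure CLI reference; they assume the show output exposes the ETag as a top-level etag property, and RG, POLICY and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the Azure CLI docs.
# Assumption: `show` output exposes the ETag as a top-level `etag` property.
# RG, POLICY and all function names below are hypothetical placeholders.

RG="${RG:-sampleResourceGroup}"
POLICY="${POLICY:-sampleDnsResolverPolicy}"

# Print the rule's current ETag; prints nothing if it cannot be read.
rule_etag() {
  az dns-resolver policy dns-security-rule show \
    --resource-group "$RG" --policy-name "$POLICY" \
    --dns-security-rule-name "$1" --query etag --output tsv
}

# Change --rule-state only if the rule is unchanged since it was read.
# A concurrent edit changes the ETag, so the update is rejected rather
# than silently overwriting someone else's change.
set_rule_state() {
  local rule state etag
  rule="$1"; state="$2"
  case "$state" in
    Enabled|Disabled) ;;
    *) echo "invalid rule state: $state" >&2; return 2 ;;
  esac
  etag="$(rule_etag "$rule")" || return 1
  if [ -z "$etag" ]; then
    echo "no ETag for $rule; refusing unguarded overwrite" >&2
    return 1
  fi
  az dns-resolver policy dns-security-rule update \
    --resource-group "$RG" --policy-name "$POLICY" \
    --dns-security-rule-name "$rule" --rule-state "$state" \
    --if-match "$etag"
}

# Create a Block rule; --if-none-match '*' makes this create-only, so an
# existing rule with the same name is left untouched.
create_block_rule_once() {
  local rule priority list_id
  rule="$1"; priority="$2"; list_id="$3"
  az dns-resolver policy dns-security-rule create \
    --resource-group "$RG" --policy-name "$POLICY" \
    --dns-security-rule-name "$rule" --priority "$priority" \
    --action "{action-type:Block,block-response-code:SERVFAIL}" \
    --domain-lists "[{id:$list_id}]" \
    --rule-state Enabled --if-none-match '*'
}
```

Source the file and call, for example, set_rule_state sampleDnsSecurityRule Disabled; omitting --if-match, as the parameter description notes, always overwrites the current resource.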

az dns-resolver policy dns-security-rule wait

Place the CLI in a waiting state until a condition is met.

az dns-resolver policy dns-security-rule wait [--created]
                                              [--custom]
                                              [--deleted]
                                              [--dns-security-rule-name]
                                              [--exists]
                                              [--ids]
                                              [--interval]
                                              [--policy-name]
                                              [--resource-group]
                                              [--subscription]
                                              [--timeout]
                                              [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False

--dns-security-rule-name --name -n

The name of the DNS security rule.

--exists

Wait until the resource exists.

Default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30

--policy-name

The name of the DNS resolver policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.