Cannot Edit DNS Records in My Azure Portal .. it states user does not have authorisation

Aaron D. Colbran 20 Reputation points
2023-08-03T01:41:13.9333333+00:00

I supposedly have issues with my DMARC records. Something trivial about double quotes in the Azure DNS DMARC records. Never an issue before but it is now probably because of random changes to security that get implemented but nobody is ever told about them.

I cannot edit DNS Zone records. The error I get "Failed to save record ... user does not have authorisation". I added myself to "Domain Services Contributor" but no change. Is there a role I need to assign to have 100% edit access to ALL of my DNS Zone entries?

The tags for this are irrelevant. This binding of 5 tags for hundreds of unrelated options makes no sense.

Thank you for your time


Accepted answer
  1. RevelinoB 3,675 Reputation points
    2023-08-03T03:56:44.8333333+00:00

    Hi Aaron,

    I understand your frustration. Dealing with DNS records and permissions can be challenging, especially when changes seem to happen without prior notice. Let me try to address the issue with your DMARC records and the "Failed to save record" error in Azure DNS.

    1. DMARC Records: Regarding the double quotes issue in your DMARC records, it's crucial to ensure that the syntax is correct. DMARC records are typically TXT records in your DNS zone, and the DMARC policy is defined within double quotes. Here's an example of a DMARC record:
    _dmarc.yourdomain.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:your.email@example.com; ruf=mailto:your.email@example.com;"
    

    Ensure that you have the correct syntax for your DMARC policy and that it is enclosed within double quotes.

    2. DNS Zone Record Editing: If you are facing the "Failed to save record ... user does not have authorization" error when trying to edit DNS zone records in Azure, it could be related to permission issues.

    You mentioned that you added yourself to the "Domain Services Contributor" role, but it didn't resolve the problem. In Azure, the "Domain Services Contributor" role grants permissions to manage Azure Active Directory Domain Services, but it might not be sufficient for DNS zone record editing.

    To have full edit access to ALL DNS zone entries, you need to be assigned the "DNS Zone Contributor" role. This role specifically provides permissions to manage DNS zones in Azure. Here's how you can assign the role:

    Go to the Azure portal (https://portal.azure.com) and sign in with an account that has sufficient permissions to manage IAM roles.

    Navigate to your DNS zone resource.

    Click on the "Access control (IAM)" tab.

    Click on the "+ Add role assignment" button.

    In the "Add role assignment" pane, select the "DNS Zone Contributor" role from the "Role" drop-down list.

    In the "Assign access to" section, search for and select your account or the appropriate Azure AD group you want to assign the role to.

    Click on the "Save" button to add the role assignment.

    After the role assignment is completed, you should have full edit access to the DNS zone records. If you're still facing issues after being assigned the correct role, it's recommended to contact your Azure administrator or support team to investigate further.

    Regarding the tags and their relevance, I understand your concern. Tags are used for organizational purposes, and their specific use can vary between different systems and workflows.

    I hope this information helps you resolve the issues you're facing. If you have any more questions or need further assistance, feel free to ask.

    1 person found this answer helpful.
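
The role assignment and DMARC record from the answer above, as an added Azure CLI example that is not part of the original thread. The subscription ID, resource group, zone name and assignee are placeholders, and the DMARC check is a basic sanity test (an assumption about what a usable value looks like), not a full RFC 7489 parser.

```shell
#!/bin/sh
# Placeholder values (assumptions): replace with your own before running.
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP:-example-rg}"
ZONE_NAME="${ZONE_NAME:-example.com}"
ASSIGNEE="${ASSIGNEE:-user@example.com}"

# Resource ID of a single DNS zone, so the role is granted on that zone only
# rather than on the whole subscription or resource group.
dns_zone_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/dnszones/%s' \
    "$1" "$2" "$3"
}

# Sanity-check a DMARC value before publishing it: no literal double-quote
# characters inside the value, v=DMARC1 as the first tag, and a p= policy tag.
dmarc_value_ok() {
  case "$1" in
    *'"'*) return 1 ;;
  esac
  case "$1" in
    'v=DMARC1;'*) ;;
    *) return 1 ;;
  esac
  case "$1" in
    *'; p=none'*|*'; p=quarantine'*|*'; p=reject'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Assign "DNS Zone Contributor" at zone scope, then list the roles held there.
grant_dns_zone_contributor() {
  scope=$(dns_zone_scope "$SUBSCRIPTION_ID" "$RESOURCE_GROUP" "$ZONE_NAME")
  az role assignment create --assignee "$ASSIGNEE" \
    --role "DNS Zone Contributor" --scope "$scope"
  az role assignment list --assignee "$ASSIGNEE" --scope "$scope" \
    --query "[].roleDefinitionName" -o tsv
}

# Add the DMARC TXT value to the _dmarc record set. An existing value has to be
# removed first (az network dns record-set txt remove-record), otherwise the
# record set ends up with two DMARC records.
publish_dmarc() {
  dmarc_value_ok "$1" || { echo "refusing to publish malformed DMARC value" >&2; return 1; }
  az network dns record-set txt add-record -g "$RESOURCE_GROUP" \
    -z "$ZONE_NAME" -n _dmarc -v "$1"
}
```

Running `grant_dns_zone_contributor` requires an account that is itself allowed to create role assignments on the zone; a new assignment can take a few minutes to take effect.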
