az dns-resolver policy dns-security-rule
Note
This reference is part of the dns-resolver extension for the Azure CLI (version 2.70.0 or higher). The extension will automatically install the first time you run an az dns-resolver policy dns-security-rule command. Learn more about extensions.
Manage DNS security rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az dns-resolver policy dns-security-rule create |
Create a DNS security rule for a DNS resolver policy. |
Extension | GA |
| az dns-resolver policy dns-security-rule delete |
Delete a DNS security rule for a DNS resolver policy. WARNING: This operation cannot be undone. |
Extension | GA |
| az dns-resolver policy dns-security-rule list |
List DNS security rules for a DNS resolver policy. |
Extension | GA |
| az dns-resolver policy dns-security-rule show |
Get properties of a DNS security rule for a DNS resolver policy. |
Extension | GA |
| az dns-resolver policy dns-security-rule update |
Update a DNS security rule for a DNS resolver policy. |
Extension | GA |
| az dns-resolver policy dns-security-rule wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
az dns-resolver policy dns-security-rule create
Create a DNS security rule for a DNS resolver policy.
az dns-resolver policy dns-security-rule create --action
--dns-security-rule-name --name
--domain-lists
--policy-name
--priority
--resource-group
[--if-match]
[--if-none-match]
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--rule-state {Disabled, Enabled}]
[--tags]Examples
Upsert DNS security rule
az dns-resolver policy dns-security-rule create --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRule --location westus2 --tags "{key1:value1}" --priority 100 --action "{action-type:Block}" --domain-lists "[{id:/subscriptions/abdd4249-9f34-4cc6-8e42-c2e32110603e/resourceGroups/sampleResourceGroup/providers/Microsoft.Network/dnsResolverDomainLists/sampleDnsResolverDomainList}]" --rule-state EnabledRequired Parameters
The action to take on DNS requests that match the DNS security rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
The name of the DNS security rule.
DNS resolver policy domains lists that the DNS security rule applies to. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
The name of the DNS resolver policy.
The priority of the DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
ETag of the resource. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting any concurrent changes.
Set to '*' to allow a new resource to be created, but to prevent updating an existing resource. Other values will be ignored.
The geo-location where the resource lives When not specified, the location of the resource group will be used.
| Property | Value |
|---|---|
| Parameter group: | Parameters Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The state of DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | Disabled, Enabled |
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Parameters Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dns-resolver policy dns-security-rule delete
Delete a DNS security rule for a DNS resolver policy. WARNING: This operation cannot be undone.
az dns-resolver policy dns-security-rule delete [--dns-security-rule-name --name]
[--ids]
[--if-match]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--resource-group]
[--subscription]
[--yes]Examples
Delete DNS security rule for DNS resolver policy
az dns-resolver policy dns-security-rule delete --resource-group sampleResourceGroup --policy-name sampleDnsDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRuleOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
ETag of the resource. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting any concurrent changes.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the DNS resolver policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dns-resolver policy dns-security-rule list
List DNS security rules for a DNS resolver policy.
az dns-resolver policy dns-security-rule list --policy-name
--resource-group
[--max-items]
[--next-token]
[--top]Examples
List DNS security rules by DNS resolver policy
az dns-resolver policy dns-security-rule list --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicyRequired Parameters
The name of the DNS resolver policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
The maximum number of results to return. If not specified, returns up to 100 results.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dns-resolver policy dns-security-rule show
Get properties of a DNS security rule for a DNS resolver policy.
az dns-resolver policy dns-security-rule show [--dns-security-rule-name --name]
[--ids]
[--policy-name]
[--resource-group]
[--subscription]Examples
Retrieve DNS security rule for DNS resolver policy
az dns-resolver policy dns-security-rule show --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRuleOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the DNS resolver policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dns-resolver policy dns-security-rule update
Update a DNS security rule for a DNS resolver policy.
az dns-resolver policy dns-security-rule update [--action]
[--add]
[--dns-security-rule-name --name]
[--domain-lists]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--if-match]
[--if-none-match]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--priority]
[--remove]
[--resource-group]
[--rule-state {Disabled, Enabled}]
[--set]
[--subscription]
[--tags]Examples
Update a dns-security rule.
az dns-resolver policy dns-security-rule update --resource-group sampleResourceGroup --policy-name sampleDnsResolverPolicy --dns-security-rule-name sampleDnsSecurityRule --location westus2 --tags "{key1:value1}" --priority 100 --action "{action-type:Block}" --domain-lists "[{id:/subscriptions/abdd4249-9f34-4cc6-8e42-c2e32110603e/resourceGroups/sampleResourceGroup/providers/Microsoft.Network/dnsResolverDomainLists/sampleDnsResolverDomainList}]" --rule-state EnabledOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The action to take on DNS requests that match the DNS security rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The name of the DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
DNS resolver policy domains lists that the DNS security rule applies to. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
ETag of the resource. Omit this value to always overwrite the current resource. Specify the last-seen ETag value to prevent accidentally overwriting any concurrent changes.
Set to '*' to allow a new resource to be created, but to prevent updating an existing resource. Other values will be ignored.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the DNS resolver policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The priority of the DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The state of DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | Disabled, Enabled |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Parameters Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az dns-resolver policy dns-security-rule wait
Place the CLI in a waiting state until a condition is met.
az dns-resolver policy dns-security-rule wait [--created]
[--custom]
[--deleted]
[--dns-security-rule-name --name]
[--exists]
[--ids]
[--interval]
[--policy-name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
The name of the DNS security rule.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
The name of the DNS resolver policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
