add . domain comment

greg-lindsay · greg-lindsay · commit 4af6073e773f · 2025-02-10T08:53:18.000-08:00
diff --git a/articles/dns/dns-security-policy.md b/articles/dns/dns-security-policy.md
@@ -5,7 +5,7 @@ author: greg-lindsay
 manager: KumuD
 ms.service: azure-dns
 ms.topic: article
-ms.date: 01/06/2025
+ms.date: 02/10/2025
 ms.author: greglin
 ---
 
@@ -56,6 +56,7 @@ To display DNS traffic rules in the Azure portal, select a DNS security policy a
 - Rules are processed in order of **Priority** in the range 100-65000. Lower numbers are higher priority.
     * If a domain name is blocked in a lower priority rule, and the same domain is allowed in a higher priority rule, the domain name is allowed.
     * Rules follow the DNS hierarchy. If contoso.com is allowed in a higher priority rule, then sub.contoso.com is allowed, even if sub.contoso.com is blocked in a lower priority rule.
+    * You can configure a policy on all domains by creating a rule that applies to the "." domain. Be careful when blocking domains so that you don't block necessary Azure services.
 - You can dynamically add and delete rules from the list. Be sure to **Save** after editing rules in the portal.
 - Multiple **DNS Domain Lists** are allowed per rule. You must have at least one DNS domain list. 
 - Each rule is associated with one of three **Traffic Actions**: **Allow**, **Block**, or **Alert**.
