
Commit 4f9b53c

Merge pull request #250469 from greg-lindsay/dns-limits
1k to 4k
2 parents 9efa2ba + ba9fbde commit 4f9b53c


1 file changed

+12
-10
lines changed


articles/dns/dns-zones-records.md

Lines changed: 12 additions & 10 deletions
@@ -7,13 +7,13 @@ ms.service: dns
77
ms.topic: conceptual
88
ms.custom: H1Hack27Feb2017
99
ms.workload: infrastructure-services
10-
ms.date: 09/27/2022
10+
ms.date: 09/06/2023
1111
ms.author: greglin
1212
---
1313

1414
# Overview of DNS zones and records
1515

16-
This article explains the key concepts of domains, DNS zones, DNS records, and record sets. You'll learn how it's supported in Azure DNS.
16+
This article explains the key concepts of domains, DNS zones, DNS records, and record sets. You learn how they're supported in Azure DNS.
1717

1818
## Domain names
1919

@@ -48,7 +48,7 @@ To create a wildcard record set, use the record set name '\*'. You can also use
4848
### CAA records
4949

5050
CAA records allow domain owners to specify which Certificate Authorities (CAs) are authorized to issue certificates for their domain. This record allows CAs to avoid mis-issuing certificates in some circumstances. CAA records have three properties:
51-
* **Flags**: This field is an integer between 0 and 255, used to represent the critical flag that has special meaning per the [RFC](https://tools.ietf.org/html/rfc6844#section-3)
51+
* **Flags**: This field is an integer between 0 and 255, used to represent the critical flag that has special meaning per [RFC6844](https://tools.ietf.org/html/rfc6844#section-3)
5252
* **Tag**: an ASCII string that can be one of the following:
5353
* **issue**: if you want to specify CAs that are permitted to issue certs (all types)
5454
* **issuewild**: if you want to specify CAs that are permitted to issue certs (wildcard certs only)
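Review bot: In the changed **Flags** bullet, the new link text reads "RFC6844" with no space and the sentence still ends without a period, unlike the introductory sentence above it; suggest "per [RFC 6844](https://tools.ietf.org/html/rfc6844#section-3)." The bullet also says the field is an integer between 0 and 255 "used to represent the critical flag" without saying which value sets that flag, so a reader configuring a CAA record can't tell from this page what to enter. Consider stating the value here rather than leaving it entirely to the linked section.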
@@ -67,15 +67,15 @@ These constraints arise from the DNS standards and aren't limitations of Azure D
6767

6868
The NS record set at the zone apex (name '\@') gets created automatically with each DNS zone and gets deleted automatically when the zone gets deleted. It can't be deleted separately.
6969

70-
This record set contains the names of the Azure DNS name servers assigned to the zone. You can add more name servers to this NS record set, to support cohosting domains with more than one DNS provider. You can also modify the TTL and metadata for this record set. However, removing or modifying the pre-populated Azure DNS name servers isn't allowed.
70+
This record set contains the names of the Azure DNS name servers assigned to the zone. You can add more name servers to this NS record set, to support cohosting domains with more than one DNS provider. You can also modify the TTL and metadata for this record set. However, removing or modifying the prepopulated Azure DNS name servers isn't allowed.
7171

7272
This restriction only applies to the NS record set at the zone apex. Other NS record sets in your zone (as used to delegate child zones) can be created, modified, and deleted without constraint.
7373

7474
### SOA records
7575

76-
A SOA record set gets created automatically at the apex of each zone (name = '\@'), and gets deleted automatically when the zone gets deleted. SOA records cannot be created or deleted separately.
76+
A SOA record set gets created automatically at the apex of each zone (name = '\@'), and gets deleted automatically when the zone gets deleted. SOA records can't be created or deleted separately.
7777

78-
You can modify all properties of the SOA record except for the `host` property. This property gets pre-configured to refer to the primary name server name provided by Azure DNS.
78+
You can modify all properties of the SOA record except for the `host` property. This property gets preconfigured to refer to the primary name server name provided by Azure DNS.
7979

8080
The zone serial number in the SOA record isn't updated automatically when changes are made to the records in the zone. It can be updated manually by editing the SOA record, if necessary.
8181

@@ -94,11 +94,13 @@ The zone serial number in the SOA record isn't updated automatically when change
9494

9595
TXT records are used to map domain names to arbitrary text strings. They're used in multiple applications, in particular related to email configuration, such as the [Sender Policy Framework (SPF)](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DomainKeys Identified Mail (DKIM)](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail).
9696

97-
The DNS standards permit a single TXT record to contain multiple strings, each of which may be up to 255 characters in length. Where multiple strings are used, they are concatenated by clients and treated as a single string.
97+
The DNS standards permit a single TXT record to contain multiple strings, each of which may be up to 255 characters in length. Where multiple strings are used, they're concatenated by clients and treated as a single string.
9898

9999
When calling the Azure DNS REST API, you need to specify each TXT string separately. When you use the Azure portal, PowerShell, or CLI interfaces, you should specify a single string per record. This string is automatically divided into 255-character segments if necessary.
100100

101-
The multiple strings in a DNS record shouldn't be confused with the multiple TXT records in a TXT record set. A TXT record set can contain multiple records, *each of which* can contain multiple strings. Azure DNS supports a total string length of up to 1024 characters in each TXT record set (across all records combined).
101+
The multiple strings in a DNS record shouldn't be confused with the multiple TXT records in a TXT record set. A TXT record set can contain multiple records, *each of which* can contain multiple strings. Azure DNS supports a total string length of up to 4096 characters`*` in each TXT record set (across all records combined).
102+
103+
`*` 4096 character support is currently only available in the Azure Public Cloud. National clouds are limited to 1024 characters until 4k support rollout is complete.
102104

103105
## Tags and metadata
104106

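Review bot: In the changed TXT paragraph, the 4096-character limit is stated in the main sentence while the 1024-character limit that still applies to national clouds appears only in the footnote, so a reader in a national cloud who skims the paragraph takes away the wrong number. Suggest naming both limits in the sentence itself. The footnote marker is written as inline code (`*`), which renders as a code span rather than a footnote reference, and the footnote mixes "4096 character" with "4k"; use "4096-character" in both places so the limit reads the same everywhere.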
@@ -110,11 +112,11 @@ Azure DNS supports using Azure Resource Manager tags on DNS zone resources. It
110112

111113
### Metadata
112114

113-
As an alternative to record set tags, Azure DNS supports annotating record sets using *metadata*. Similar to tags, metadata enables you to associate name-value pairs with each record set. This feature can be useful, for example to record the purpose of each record set. Unlike tags, metadata cannot be used to provide a filtered view of your Azure bill and cannot be specified in an Azure Resource Manager policy.
115+
As an alternative to record set tags, Azure DNS supports annotating record sets using *metadata*. Similar to tags, metadata enables you to associate name-value pairs with each record set. This feature can be useful, for example to record the purpose of each record set. Unlike tags, metadata can't be used to provide a filtered view of your Azure bill and can't be specified in an Azure Resource Manager policy.
114116

115117
## Etags
116118

117-
Suppose two people or two processes try to modify a DNS record at the same time. Which one wins? And does the winner know that they've overwritten changes created by someone else?
119+
Suppose two people or two processes try to modify a DNS record at the same time. Which one wins? And does the winner know that they have overwritten changes created by someone else?
118120

119121
Azure DNS uses Etags to handle concurrent changes to the same resource safely. Etags are separate from [Azure Resource Manager 'Tags'](#tags). Each DNS resource (zone or record set) has an Etag associated with it. Whenever a resource is retrieved, its Etag is also retrieved. When updating a resource, you can choose to pass back the Etag so Azure DNS can verify the Etag on the server matches. Since each update to a resource results in the Etag being regenerated, an Etag mismatch indicates a concurrent change has occurred. Etags can also be used when creating a new resource to ensure the resource doesn't already exist.
120122

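Review bot: Contraction handling is inconsistent in this hunk: the Etags paragraph expands "they've" to "they have", while the Metadata paragraph just above it and the earlier hunks go the other way ("cannot" to "can't", "they are" to "they're"). Pick one direction for the whole change; keeping "they've" would match the rest of the commit.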