| 1 | +--- |
| 2 | +title: Private DNS information in Azure Resource Graph |
| 3 | +titleSuffix: Azure DNS |
| 4 | +description: Learn how to query Azure Private DNS zones using Azure Resource Graph. |
| 5 | +services: dns |
| 6 | +author: greg-lindsay |
| 7 | +ms.service: dns |
| 8 | +ms.date: 03/20/2024 |
| 9 | +ms.author: greglin |
| 10 | +ms.topic: how-to |
| 11 | +--- |
| 12 | + |
| 13 | +# Private DNS information in Azure Resource Graph |
| 14 | + |
| 15 | +This article describes some of the ways you can use Azure Resource Graph Exporer to view information about your Azure Private DNS zones and records. Some example queries are provided. |
| 16 | + |
| 17 | +[Azure Resource Graph](../governance/resource-graph/overview.md) (ARG) is an Azure service that allows you to query your Azure resources with complex filtering, grouping, and sorting. ARG queries provide detailed information about your resources and you can display the results in several ways. |
| 18 | + |
| 19 | +You can display information about your DNS zones, including: |
| 20 | + |
| 21 | +- The type and number of resource records in one or all zones |
| 22 | +- A list of resource record names and IP addresses |
| 23 | +- Virtual network links |
| 24 | +- Autoregistered resource records |
| 25 | + |
| 26 | +This is a brief list. Many other details can be queried. |
| 27 | + |
| 28 | +## The dnsresources table |
| 29 | + |
| 30 | +To use Resource Graph in the Azure portal, search and select **Resource Graph Explorer**. In the left-hand navigation pane, select the **Table** tab and review the **dnsresources** table. This table is used to query private DNS zone data. Public DNS zones aren't queried when you use this table. |
| 31 | + |
| 32 | +Select **dnsresources** to create a basic query and then click **Run query** to return the results. See the following example: |
| 33 | + |
| 34 | + |
| 35 | + |
| 36 | +To replace IDs with display names and show values as links where possible, toggle **Formatted results** to **On** in the upper right corner of the display. To view the details for a record, scroll to the right and select **See details**. The first few records shown in the previous example are PTR records (type = microsoft.network/privatednszones/ptr). |
| 37 | + |
| 38 | +## Count resource records by type |
| 39 | + |
| 40 | +The following query uses the **dnsresources** table to provide a count of resource records by type for all private zones: |
| 41 | + |
| 42 | +```Kusto |
| 43 | +dnsresources |
| 44 | +| summarize count() by recordType = tostring(type) |
| 45 | +``` |
| 46 | + |
| 47 | + |
| 48 | + |
| 49 | +The query counts all records that the current subscription has permission to view. You can also view the count visually by selecting the **Charts** tab and then selecting the chart type. The following is an example of a **Donut chart**: |
| 50 | + |
| 51 | + |
| 52 | + |
| 53 | +## List, filter, search, and sort resource records |
| 54 | + |
| 55 | +Query results can be filtered by specifying parameters such as the zone name, subscription ID, resource group, or record type. For example, the following example query returns list of A or CNAME records in the zone **private.contoso.com** for a given subscription and resource group. The output of this query is similar to viewing the private zone, with the added ability to filter and sort results by name and type: |
| 56 | + |
| 57 | +```Kusto |
| 58 | +dnsresources |
| 59 | +| where managedBy == "private.contoso.com" |
| 60 | +| where subscriptionId == "<your subscription ID>" |
| 61 | +| where resourceGroup == "<your resource group name>" |
| 62 | +| where type in ( |
| 63 | + "microsoft.network/privatednszones/a", |
| 64 | + "microsoft.network/privatednszones/cname" |
| 65 | +) |
| 66 | +| project name, type, properties |
| 67 | +``` |
| 68 | + |
| 69 | + |
| 70 | + |
| 71 | +Record types that can be specified are: a, aaaa, cname, mx, ptr, soa, srv, and txt. |
| 72 | + |
| 73 | +You can also query for specific IP addresses or address ranges. The following query returns private DNS records that match a specific IPv4 address: |
| 74 | + |
| 75 | +```Kusto |
| 76 | +dnsresources |
| 77 | +| where properties['records'][0]['ipv4Address'] == "10.10.2.5" |
| 78 | +| project name, type, resourceGroup, properties |
| 79 | +``` |
| 80 | + |
| 81 | +### Regular expressions |
| 82 | + |
| 83 | +The Kusto query language also supports [regular expressions](/azure/data-explorer/kusto/query/re2). The following query uses a regular expression to match and list all IPv4 addresses in the given private DNS zone and specified subscription: |
| 84 | + |
| 85 | +```Kusto |
| 86 | +dnsresources |
| 87 | +| where subscriptionId == "<your subscription ID>" |
| 88 | +| where managedBy == "private.contoso.com" |
| 89 | +| where properties matches regex @'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}' |
| 90 | +| extend IP=extract_all(@'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\/\d{1,2}){0,1})',tostring(properties)) |
| 91 | +| project name, IP, resourceGroup, properties |
| 92 | +| mv-expand IP |
| 93 | +| order by name |
| 94 | +``` |
| 95 | + |
| 96 | + |
| 97 | +## Zones with virtual network links |
| 98 | + |
| 99 | +The following query lists all private DNS zones that have virtual network links and displays the autoregistration status. This query uses the generic **resources** table, not the **dnsresources** table and specifies a resource type of only **privatednszones**. |
| 100 | + |
| 101 | +```Kusto |
| 102 | +resources |
| 103 | +| where subscriptionId == "<your subscription ID>" |
| 104 | +| where ['type'] == "microsoft.network/privatednszones/virtualnetworklinks" |
| 105 | +| extend registrationEnabled=(properties.registrationEnabled) |
| 106 | +| project name, registrationEnabled, resourceGroup, properties |
| 107 | +``` |
| 108 | + |
| 109 | + |
| 110 | +## Autoregistered DNS records |
| 111 | + |
| 112 | +The following query lists autoregistered IPv4 private DNS records: |
| 113 | + |
| 114 | +```Kusto |
| 115 | +dnsresources |
| 116 | +| where subscriptionId == "<your subscription ID>" |
| 117 | +| where isnull(properties.virtualNetworkId) == false |
| 118 | +| extend linkname=(properties.virtualNetworkLinkName) |
| 119 | +| extend ipaddress=properties['records'][0]['ipv4Address'] |
| 120 | +| project name, ipaddress, type, linkname, properties |
| 121 | +``` |
| 122 | + |
| 123 | + |
| 124 | +## Next steps |
| 125 | + |
| 126 | +* Learn how to [manage record sets and records](./private-dns-getstarted-cli.md) in your DNS zone. |
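Review bot: the IPv4 lookups at file lines 77 and 119 read only properties['records'][0]['ipv4Address'], so an address held in the second or later record of an A record set is never matched or displayed. Consider expanding the records array first (for example with mv-expand on properties.records) and filtering on each element's ipv4Address, or state in the text that only the first record is examined. At line 99 the prose says the query lists private DNS zones and specifies a resource type of only privatednszones, but the where clause at line 104 matches microsoft.network/privatednszones/virtualnetworklinks and line 106 projects the link's own name, so the text should describe the rows as virtual network links or the query should also return the zone. Line 49 attributes view permission to "the current subscription"; the results are limited by what the identity running the query can read, and the sentence should say so. The pattern at lines 89-90 accepts octets above 255 and any dotted four-number string found anywhere in properties, and it also captures an optional /prefix although the prose promises only IPv4 addresses; a sentence on that limitation would help. Smaller points: "Exporer" at line 15, "returns list of" and the doubled "example" at line 55, and isnull(...) == false at line 117 reads more clearly as isnotnull(...).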