articles/dns/dns-security-policy.md
3 additions & 3 deletions
@@ -22,7 +22,7 @@ This article provides an overview of DNS security policy. Also see the following
22
22
## What DNS security policy?
23
23
24
24
DNS security policy offers the ability to filter and log DNS queries at the virtual network (VNet) level. With DNS security policy you can:
25
-
- Create rules to protect against DNS-based attacks by blocking block name resolution of known or malicious domains.
25
+
- Create rules to protect against DNS-based attacks by blocking name resolution of known or malicious domains.
26
26
- Save and view detailed DNS logs to gain inside into your DNS traffic.
27
27
28
28
DNS logs can be sent to a storage account, log analytics workspace, or event hubs. You can choose to allow, alert, or block DNS queries.
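Review bot: The unchanged context around this fix still carries two typos that belong in the same commit: the heading at line 22 reads "What DNS security policy?" (missing "is"), and the bullet at line 26 says "gain inside into your DNS traffic" where "insight" is meant. On the changed line, "known or malicious domains" leaves it unclear what "known" qualifies; "known malicious domains" would state what the block rule is for.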
@@ -37,7 +37,7 @@ DNS Security Policy can be configured using Azure PowerShell or the Azure portal
37
37
38
38
### Location
39
39
40
-
A security policy can only apply to VNets in the same region. You can create any number of security policies in the same region. In the following example, two polices are created in each of two different regions (East US and Central US).
40
+
A security policy can only apply to VNets in the same region. You can create any number of security policies in the same region. In the following example, two policies are created in each of two different regions (East US and Central US).
41
41
42
42

43
43
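Review bot: Capitalization of the feature name is inconsistent around this change: the hunk header context has "DNS Security Policy can be configured", while the changed paragraph and the other visible lines use lowercase "security policy". Pick one form and apply it throughout. In the changed sentence, "can only apply to VNets" would read more precisely as "can be applied only to VNets".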
@@ -79,7 +79,7 @@ You can associate a domain list to multiple DNS traffic rules in different secur
79
79
80
80

81
81
82
-
When viewing a DNS domain list in the Azure portal, you can also select **Settings** > **Associated DNS Traffic Rules** to see a list of all traffic rules and thye associated DNS security policies that reference the DNS domain list.
82
+
When viewing a DNS domain list in the Azure portal, you can also select **Settings** > **Associated DNS Traffic Rules** to see a list of all traffic rules and the associated DNS security policies that reference the DNS domain list.
83
83
84
84

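Review bot: Replacing "thye" with "the" on line 82 may not be the intended fix; "their associated DNS security policies" ties the policies to the traffic rules, whereas "the associated DNS security policies that reference the DNS domain list" reads as if the policies reference the list directly. Please confirm which relationship the portal view shows and word it accordingly. The hunk header context also has "associate a domain list to multiple DNS traffic rules", where "associate ... with" is the usual preposition.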
articles/dns/dns-traffic-log-how-to.md
6 additions & 6 deletions
@@ -41,7 +41,7 @@ To create a DNS security policy using the Azure portal:
41
41

42
42
43
43
5. Select **Next: Virtual Networks Link** and then select **+ Add**.
44
-
6. VNets in the same region as the security policy are displayed. Select one or more available VNets and then select **Add**. You can't choose a VNet that is already associated with another security policy. In the following example, two VNets have already been associated with a security policy, leaving two VNets available to select.
44
+
6. VNets in the same region as the security policy are displayed. Select one or more available VNets and then select **Add**. You can't choose a VNet that is already associated with another security policy. In the following example, two VNets are associated with a security policy, leaving two VNets available to select.
45
45
46
46

47
47
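Review bot: The new wording in step 6, "two VNets are associated with a security policy", drops the reason those VNets are unavailable. The preceding sentence says a VNet "already associated with another security policy" can't be chosen, so the example should keep that link, for instance "two VNets are already associated with another security policy, leaving two VNets available to select".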
@@ -52,7 +52,7 @@ To create a DNS security policy using the Azure portal:
52
52
> [!NOTE]
53
53
> Virtual network links are created for all VNets displayed in the list, whether or not they are *selected*. Use checkboxes to select VNets for removal from the list.
54
54
55
-
8. Select **Review + create** and then select **Create**. Choosing **Next: DNS Traffic Rules** is skipped here, but you also have the option to create traffic rules now. In this guide, traffic rules and DNS domain lists are created and applied to DNS security policy later.
55
+
8. Select **Review + create** and then select **Create**. Choosing **Next: DNS Traffic Rules** is skipped here, but you can also create traffic rules now. In this guide, traffic rules and DNS domain lists are created and applied to DNS security policy later.
56
56
57
57
## Create a log analytics workspace
58
58
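Review bot: The changed sentence in step 8 still opens with the awkward passive "Choosing **Next: DNS Traffic Rules** is skipped here", and the edit only touches its second half. Consider rewriting the whole sentence, for example "This guide skips **Next: DNS Traffic Rules**, but you can create traffic rules now". The context heading "Create a log analytics workspace" should also be checked against the product's capitalization.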
@@ -102,9 +102,9 @@ To create a DNS domain list using the Azure portal:
102
102
103
103

104
104
105
-
7. When you have completed entering domain names, select **Review + create** and then select **Create**.
105
+
7. When you complete entering domain names, select **Review + create** and then select **Create**.
106
106
107
-
Repeat this section to create additional domain lists if desired. Each domain list can be associated to a traffic rule that has one of three actions:
107
+
Repeat this section to create more domain lists if desired. Each domain list can be associated to a traffic rule that has one of three actions:
108
108
109
109
-**Allow**: Permit the DNS query and log it.
110
110
-**Block**: Block the DNS query and log the block action.
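Review bot: "When you complete entering domain names" in step 7 is less natural than the text it replaces; "When you finish entering domain names" or "After you enter the domain names" keeps the simpler tense without the odd verb pairing. On the second changed line, "can be associated to a traffic rule" should be "associated with a traffic rule".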
@@ -150,7 +150,7 @@ See the following example:
150
150
151
151
[](./media/dns-traffic-log-how-to/test-query.png#lightbox)
152
152
153
-
Recall that the traffic rule containing contoso.com was set to **Allow** queries. The query from the VM results in a successful response:
153
+
Recall that the traffic rule containing contoso.com was set to **Allow** queries. The query from the virtual machine results in a successful response:
154
154
155
155
```cmd
156
156
C:\>dig db.sec.contoso.com +short
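Review bot: The changed sentence says the traffic rule contains contoso.com, but the test command in the context queries db.sec.contoso.com, so the reader has to infer that the domain list entry also matches subdomains. Add a clause stating that explicitly, since it determines what an Allow or Block rule actually covers. The block is also tagged cmd and runs dig at a C:\> prompt; dig is not a built-in Windows command, so say where it comes from if the article does not already.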
@@ -165,7 +165,7 @@ Expanding the query details in log analytics displays data such as:
165
165
* ResolutionPath: PrivateDnsResolution
166
166
* ResolverPolicyRuleAction: Allow
167
167
168
-
If the traffic rule is edited and set to **Block** contoso.com queries, the query from the VM results in a failed response. Be sure to select **Save** when you change the components of a rule.
168
+
If the traffic rule is edited and set to **Block** contoso.com queries, the query from the virtual machine results in a failed response. Be sure to select **Save** when you change the components of a rule.
169
169
170
170

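Review bot: "results in a failed response" on line 168 is vague for a step the reader is meant to verify. State what the client actually sees for the blocked query and what value ResolverPolicyRuleAction takes in the log, mirroring the "ResolverPolicyRuleAction: Allow" bullet shown just above, so the block can be confirmed from both the VM and the log side.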