Merge pull request #268827 from brianlehr/localbranch

added DNLS info

Author: prmerger-automator[bot]

articles/aks/ingress-tls.md

@@ -245,7 +245,7 @@ You can configure your FQDN using one of the following methods:
 * Set the DNS label using Azure CLI or Azure PowerShell.
 * Set the DNS label using Helm chart settings.
 
-For more information, see [Public IP address DNS name labels](../virtual-network/ip-services/public-ip-addresses.md#dns-name-label).
+For more information, see [Public IP address DNS name labels](../virtual-network/ip-services/public-ip-addresses.md#domain-name-label).
 
 #### Set the DNS label using Azure CLI or Azure PowerShell
 

articles/virtual-network/ip-services/configure-public-ip-vm.md

@@ -7,7 +7,7 @@ ms.author: mbender
 ms.service: virtual-network
 ms.subservice: ip-services
 ms.topic: how-to 
-ms.date: 08/24/2023
+ms.date: 08/25/2023
 ms.custom: template-how-to 
 ---
 

articles/virtual-network/ip-services/public-ip-addresses.md

@@ -67,7 +67,7 @@ Public IP addresses can be created with an IPv4 or IPv6 address. You may be give
 
 ## SKU
 
-Public IP addresses are created with one of the following SKUs:
+Public IP addresses are created with a SKU of **Standard** or **Basic**.  The SKU determines their functionality including allocation method, feature support, and resources they can be associated with.  Full details are listed in the table below:
 
 | Public IP address | Standard  | Basic |
 | --- | --- | --- |
@@ -116,7 +116,7 @@ For example, a public IP resource is released from a resource named **Resource A
 | Basic public IPv4 | :white_check_mark: | :white_check_mark: |
 | Basic public IPv6 | x | :white_check_mark: |
 
-## DNS Name Label
+## Domain Name Label
 
 Select this option to specify a DNS label for a public IP resource. This functionality works for both IPv4 addresses (32-bit A records) and IPv6 addresses (128-bit AAAA records). This selection creates a mapping for **domainnamelabel**.**location**.cloudapp.azure.com to the public IP in the Azure-managed DNS. 
 
@@ -133,6 +133,27 @@ The fully qualified domain name (FQDN) **contoso.westus.cloudapp.azure.com** res
 
 If a custom domain is desired for services that use a public IP, you can use [Azure DNS](../../dns/dns-custom-domain.md?toc=%2fazure%2fvirtual-network%2ftoc.json#public-ip-address) or an external DNS provider for your DNS Record.
 
+## Domain Name Label Scope (preview)
+
+Public IPs also have an optional parameter for **Domain Name Label Scope**, which defines what domain label an object with the same name will use. This feature can help to prevent "dangling DNS names" which can be reused by malicious actors.  When this option is chosen, the public IP address' DNS name will have an additional string in between the **domainnamelabel** and **location** fields, e.g. **contoso.fjdng2acavhkevd8.westus.cloudapp.Azure.com**.  (This string is a hash generated from input specific to your subscription, resource group, domain name label, and other properties.)
+
+>[!Important]
+> Domain Name Label Scope is currently in public preview.  It's provided without a service-level agreement, and is not recommended for production workloads. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+The value of the **Domain Name Label Scope** must match one of the options below:
+
+| Value | Behavior |
+| --- | --- |
+| TenantReuse |	Object with the same name in the same tenant will receive the same Domain Label |
+| SubscriptionReuse	| Object with the same name in the same subscription will receive the same Domain Label |
+| ResourceGroupReuse | Object with the same name in the same Resource Group will receive the same Domain Label |
+| NoReuse | Object with the same name will receive a new Domain Label for each new instance |
+
+For example, if **SubscriptionReuse** is selected as the option, and a customer who has the example domain name label **contoso.fjdng2acavhkevd8.westus.cloudapp.Azure.com** deletes and re-deploys a public IP address using the same template as before, the domain name label will remain the same.  If the customer deploys a public IP address using this same template under a different subscription, the domain name label would change (e.g. **contoso.c9ghbqhhbxevhzg9.westus.cloudapp.Azure.com**).
+
+> [!IMPORTANT]
+> The domain name label scope can only be specified at the creation of a public IP address.
+
 ## Availability Zone
 
 Public IP addresses with a standard SKU can be created as nonzonal, zonal, or zone-redundant in [regions that support availability zones](../../availability-zones/az-region.md).