For Azure Front Door services, the script marks root domains incorrectly as dangled
murraymcpherson opened this issue
Describe the bug
Azurefd.net root domains are incorrectly marked as dangled
I have pasted a snippet of the Get-DanglingDnsRecords.ps1 below where it is supposed to be checking Azure Front Door based subdomains and root domains. First it looks at subdomains by matching against the "." prefix and increments the $count variable when it finds them. If it does it adds to matching resources, if not it adds to missing resources.
If the Azure Front Door domain is a root domain, or in other words does not have a "." prefix, $count is not incremented and it goes straight to the missing resources. It will not successfully perform a check to see if the domain exists in the Azure resource hash.
Reproduce
In this hypothetical scenario we have an Azure front door service on test.azurefd.net, with subdomain subdomain.test.azurefd.net.
If you had a CSV, CNameDNSMap.csv, with the following contents:

| CName | Fqdn |
|---|---|
| first.test.com | test.azurefd.net |
| second.test.com | subdomain.test.azurefd.net |
Then executed:
.\Get-DanglingDnsRecords.ps1 -InputFileDnsRecords .\CNameDNSMap.csv
The result would be that first.test.com is detected as dangling and second.test.com is not. The expected result is that neither is detected as dangling.
Solution
This could be fixed (for example) by removing the "." prefix match so it will check both subdomain and root domains:
$count = (($AzResourcesHash.GetEnumerator() | Where { $item.FQDN -match $_.key }) | Measure-Object).Count
<--- original code snippet --->
#Azurefd can have subdomains also which we cannot mark as dangled
If ($item.FQDN) {
    $key = $item.Fqdn.trim(" ").tolower()
    #Azurefd can have subdomains also which we cannot mark as dangled
    if($item.FQDN -match "azurefd.net")
    {
        $count = (($AzResourcesHash.GetEnumerator() | Where { $item.FQDN -match "."+$_.key}) | Measure-Object).Count
        if($count -gt 0)
        {
            [void]$AzCNameMatchingResources.add($item)
        }
        else
        {
            [void]$AzCNameMissingResources.add($Item)
        }
    }
    else
<--- original code snippet --->
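The matching behaviour described in the issue above, as an added example that is not part of the original issue or of Get-DanglingDnsRecords.ps1: it runs the original expression, the proposed one, and a stricter literal comparison over a root name, a subdomain, and a hostname that merely contains the key. The hash key format, the third CSV row, and the function names Test-OriginalMatch, Test-ProposedMatch and Test-StrictMatch are assumptions made for illustration.

```powershell
# Constructed sample data. Assumption: keys are lowercase Front Door hostnames.
$AzResourcesHash = @{ 'test.azurefd.net' = 'constructed-resource-id' }

# First two rows are the ones from the issue; the third is constructed.
$records = @(
    [pscustomobject]@{ CName = 'first.test.com';  Fqdn = 'test.azurefd.net' }
    [pscustomobject]@{ CName = 'second.test.com'; Fqdn = 'subdomain.test.azurefd.net' }
    [pscustomobject]@{ CName = 'third.test.com';  Fqdn = 'mytest.azurefd.net' }
)

function Test-OriginalMatch { param([string]$Fqdn, $Hash)
    # Expression from the script: "." is a regex wildcard, so at least one
    # character must precede the key and a root name can never match.
    $count = (($Hash.GetEnumerator() | Where-Object { $Fqdn -match ("." + $_.Key) }) | Measure-Object).Count
    return $count -gt 0
}

function Test-ProposedMatch { param([string]$Fqdn, $Hash)
    # Expression proposed in the issue: the key is still used as a regex and
    # is matched anywhere inside the FQDN.
    $count = (($Hash.GetEnumerator() | Where-Object { $Fqdn -match $_.Key }) | Measure-Object).Count
    return $count -gt 0
}

function Test-StrictMatch { param([string]$Fqdn, $Hash)
    # Literal comparison: the name equals the key, or ends with "." + key.
    $name = $Fqdn.Trim().TrimEnd('.').ToLowerInvariant()
    foreach ($key in $Hash.Keys) {
        if ($name -eq $key -or $name.EndsWith(".$key", [System.StringComparison]::Ordinal)) {
            return $true
        }
    }
    return $false
}

$records | ForEach-Object {
    [pscustomobject]@{
        CName    = $_.CName
        Fqdn     = $_.Fqdn
        Original = Test-OriginalMatch $_.Fqdn $AzResourcesHash
        Proposed = Test-ProposedMatch $_.Fqdn $AzResourcesHash
        Strict   = Test-StrictMatch   $_.Fqdn $AzResourcesHash
    }
} | Format-Table -AutoSize
```

A record is treated as not dangling when its column is True, so a regex or substring match that accepts a different hostname containing the key hides a record that should have been reported.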
I am running into a similar issue. Especially for Front Doors, we are using CNAMEs that are different from the resource names / frontend domain names. The script is marking all the CNAMEs as dangling domains. Is there something I am doing wrong?
Ex:
CNAME- ServiceTest
FrontDoorResourceName fd-ServiceTestUI-gbl-dev.azurefd.net
FrontDoor Domain ServiceTest.dnszone.com