Azure / Azure-Network-Security

Resources for improving Customer Experience with Azure Network Security

Error with the Get-DanglingDnsRecords script when DNS contains the wildcard character (*.abc.xyz.mno.net), against multiple Azure subscriptions

NavidKhan8 opened this issue · comments

Describe the bug
In clear words, please provide a concise description of the bug

We are using the Microsoft-recommended PowerShell module for identifying dangling DNS on the Azure platform. It was working fine for the last year, but since last month it has been failing with the error message below.

PowerShell module reference: https://learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover#identify-dangling-dns-entries

Upon investigation, we found a bug in the module: it is unable to handle a DNS entry name that contains a wildcard character, for example *.abc.xyz.mno.net.

It was due to using -match instead of -contains; below is the code snippet where the issue was found:

if ($item.FQDN -match "azurefd.net") {
    $count = (($AzResourcesHash.GetEnumerator() | Where { $item.FQDN -match $_.key }) | Measure-Object).Count

I can fix this either by changing -match to -contains or by asking users to delete the wildcard character in the DNS name, but we have hundreds of DNS names and cannot control how users name them, so it would be ideal to handle this scenario in the script.

Reproduce
Steps to reproduce the behavior:
Install-Module -Name AzDanglingDomain -Scope CurrentUser
Import-Module -Name AzDanglingDomain -Force
Get-DanglingDnsRecords -FetchDnsRecordsFromAzureSubscription

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots/images to help explain your problem.

Environment- if applicable

  • What version of CLI was used [Az –version]
  • PowerShell 7

Desktop (please complete the following information if applicable):

  • Windows 11

Logs- if applicable

  • If logs are available, please provide relevant snippets
  • | … .GetEnumerator() | Where-Object { $item.FQDN -match $_.key }) | Meas …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | Invalid pattern '*.abc.xyz.mno.net' at offset 1. Quantifier '*' following nothing

Additional context
Add any other context about the problem here.
Opened a case with MS for the same, and they directed us to open a GitHub issue so that the internal team can review.
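The failure reported above, reproduced with constructed data, next to a variant that escapes each key with [regex]::Escape before -match. This is an added example, not the AzDanglingDomain module's code or a fix from its maintainers; Get-KeyMatchCount, its -Escape switch and every hostname except *.abc.xyz.mno.net are assumptions.

```powershell
# Added example with constructed data. Only '*.abc.xyz.mno.net' comes from the issue.
$resources = [ordered]@{
    'contoso.azurefd.net' = 'frontdoor-1'   # hypothetical resource
    '*.abc.xyz.mno.net'   = 'wildcard-1'    # wildcard name from the report
}

function Get-KeyMatchCount {
    # Hypothetical helper mirroring the count expression quoted in the issue.
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Resources,
        [switch]$Escape   # treat each key as literal text instead of a regex
    )
    $hits = foreach ($entry in $Resources.GetEnumerator()) {
        $key = [string]$entry.Key
        $pattern = if ($Escape) { [regex]::Escape($key) } else { $key }
        if ($Fqdn -match $pattern) { $key }
    }
    return ($hits | Measure-Object).Count
}

# 1. Raw key as pattern: the leading '*' is a quantifier with nothing to repeat,
#    so the regex parser throws and the whole scan stops.
try {
    $raw = Get-KeyMatchCount -Fqdn 'contoso.azurefd.net' -Resources $resources
    "raw count: $raw"
} catch {
    "raw -match failed: $($_.Exception.Message)"
}

# 2. Escaped key: '*' and '.' are literals, so the scan completes.
$escaped = Get-KeyMatchCount -Fqdn 'contoso.azurefd.net' -Resources $resources -Escape
"escaped count: $escaped"

# 3. An unescaped '.' matches any character, so a look-alike name is counted
#    as a match even when the pattern parses. Escaping removes that false match.
$single = @{ 'contoso.azurefd.net' = 'frontdoor-1' }
$lookalike = 'contosoXazurefd.net'   # constructed FQDN
"look-alike, raw:     $(Get-KeyMatchCount -Fqdn $lookalike -Resources $single)"
"look-alike, escaped: $(Get-KeyMatchCount -Fqdn $lookalike -Resources $single -Escape)"
```

The escaped comparison is still a case-insensitive substring test, which keeps the behaviour of the quoted expression for names without regex metacharacters.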

Message that will be displayed on users' first issue

Hello Team,

We are also facing the same problem. Can you please update us on it?

Thanks

Hello Experts,

Greetings for the day

Could you please help us on it?

Thanks

@abhijeetgaiha / @tanviohri - Please take a look into this issue.