Azure/Azure-Network-Security

Incorrectly flagging root of domain as dangling

Opened this issue · 4 comments

Describe the bug
This tool reports the root (or apex) of the domain as "dangling" when in fact it has been mapped. This appears to be due to the tool ONLY recognising & querying CNAME DNS records. However, the root (or apex) of a domain can NOT have a CNAME associated with it. (A CNAME record is not allowed to coexist with any other data. If a CNAME for the apex is created, DNS resolution will break for the domain. See RFC 1912, section 2.4.)

To achieve an Azure mapping for the apex behaviour, an ANAME record must be created in the DNS. This ANAME record can be mapped to the Azure resource, or more usually, mapped to the CNAME that is in turn mapped to an Azure resource.

For example, we may wish to map both the "www.contoso.com" subdomain and the root domain, "contoso.com", to a CDN resource. To accomplish this, we can create a CNAME record for "www.contoso.com" that maps to the CDN endpoint "contosowebsite.azureedge.net". However, to map "contoso.com" to the same endpoint, we can NOT create a CNAME. To map the apex record "contoso.com", we create an ANAME record in the DNS that points to "www.contoso.com" or to "contosowebsite.azureedge.net". This now has the effect that DNS lookups for both "www.contoso.com" and "contoso.com" resolve to "contosowebsite.azureedge.net". Thus "contoso.com" is NOT a dangling domain!!

Reproduce
Steps to reproduce the behavior:

  1. Create a CDN custom domain of "contoso.com" to an endpoint
  2. Verify the domain by using the CDNVERIFY method (we can't use auto verification as we can't create a CNAME)
  3. Create an ANAME record in the DNS pointing "contoso.com" to the resource endpoint
  4. Browse to the endpoint using "contoso.com" and note that it is correctly mapped.
  5. Run Get-DanglingDnsRecords.ps1
  6. Note that "contoso.com" is INCORRECTLY flagged as a dangling domain!!

Expected behaviour
The apex (root) of a domain should be checked properly to see if it is in fact dangling.
i.e. check to see if an ANAME exists that is mapped to a valid Azure resource (either explicitly or via mapping to a CNAME that in turn is correctly mapped)
The apex of a domain should NOT be reported as dangling if it in fact resolves to a valid Azure resource.

Screenshots
N/A

Environment- if applicable
N/A

Desktop (please complete the following information if applicable):
N/A

Logs- if applicable
N/A

Additional context
N/A
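The apex-aware check the report asks for, as an added example that is not part of the original issue and not the repository's own Get-DanglingDnsRecords.ps1. Since a resolver never sees an ANAME record itself, only the A/AAAA data it is flattened into, the apex is treated as mapped when it resolves to the same addresses as the configured endpoint, while sub-domains are still classified by following their CNAME chain against an inventory of Azure resources that actually exist. The zone data, the inventory set, the `203.0.113.10` address and the `retired-site`/`old`/`shop` names are constructed for the example; the `lookup` callable is injectable so the same logic can be run against a real resolver instead of the sample zone.

```python
"""Apex-aware dangling-DNS classification (added example, constructed data)."""
from typing import Callable, Dict, List, Set, Tuple

Lookup = Callable[[str, str], List[str]]  # (owner name, rrtype) -> rdata strings

# Azure-managed suffix a CNAME may point at. Only the CDN suffix from the bug
# report is listed here; extend the tuple for the Azure services you use.
AZURE_SUFFIXES = ("azureedge.net",)


def norm(name: str) -> str:
    """Lower-case and strip the trailing dot so names compare reliably."""
    return name.rstrip(".").lower()


def follow_cnames(name: str, lookup: Lookup, max_hops: int = 8) -> List[str]:
    """Return the CNAME chain starting at name; the last entry is a non-CNAME owner."""
    chain = [norm(name)]
    for _ in range(max_hops):
        targets = lookup(chain[-1], "CNAME")
        if not targets:
            return chain
        chain.append(norm(targets[0]))
    raise ValueError(f"CNAME chain from {name} exceeds {max_hops} hops")


def addresses(name: str, lookup: Lookup) -> Set[str]:
    """A and AAAA answers for the final owner of name's CNAME chain."""
    final = follow_cnames(name, lookup)[-1]
    return set(lookup(final, "A")) | set(lookup(final, "AAAA"))


def classify(custom_domain: str, zone: str, endpoint: str,
             inventory: Set[str], lookup: Lookup) -> Tuple[str, str]:
    """Classify one custom domain as mapped / dangling / unmapped / invalid.

    endpoint  - the Azure hostname the custom domain is configured against
    inventory - Azure hostnames that currently exist in your subscriptions
    """
    domain, endpoint = norm(custom_domain), norm(endpoint)
    if domain == norm(zone):
        # Apex: RFC 1912 s2.4 forbids a CNAME here, so an ANAME/alias record is the
        # only option, and a resolver sees it only as flattened A/AAAA data.
        if lookup(domain, "CNAME"):
            return "invalid", "CNAME at the zone apex breaks resolution for the domain"
        apex_addrs = addresses(domain, lookup)
        if not apex_addrs:
            return "unmapped", "apex has no A/AAAA records; check the provider's alias target"
        if apex_addrs & addresses(endpoint, lookup):
            return "mapped", "apex resolves to the endpoint's addresses (ANAME/alias)"
        return "unmapped", "apex resolves to addresses that are not the endpoint's"
    hops = follow_cnames(domain, lookup)[1:]
    if not hops:
        return "unmapped", "no CNAME record"
    if any(h in inventory for h in hops):
        return "mapped", "CNAME chain reaches an existing Azure resource"
    azure_hops = [h for h in hops if h.endswith(AZURE_SUFFIXES)]
    if azure_hops:
        return "dangling", f"CNAME points at {azure_hops[0]}, which is not in the inventory"
    return "unmapped", f"CNAME chain ends at non-Azure name {hops[-1]}"


# Constructed sample zone: the scenario from the report plus one retired endpoint.
SAMPLE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("www.contoso.com", "CNAME"): ["contosowebsite.azureedge.net."],
    ("contosowebsite.azureedge.net", "A"): ["203.0.113.10"],
    ("contoso.com", "A"): ["203.0.113.10"],  # what the apex ANAME flattens to
    ("old.contoso.com", "CNAME"): ["retired-site.azureedge.net."],  # constructed
}
INVENTORY = {"contosowebsite.azureedge.net"}  # resources that still exist (constructed)


def sample_lookup(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a DNS resolver, backed by SAMPLE_ZONE."""
    return SAMPLE_ZONE.get((norm(name), rtype), [])


def audit(domains: List[str], zone: str, endpoint: str,
          inventory: Set[str], lookup: Lookup) -> Dict[str, Tuple[str, str]]:
    """Classify every custom domain; callers can filter on status == "dangling"."""
    return {d: classify(d, zone, endpoint, inventory, lookup) for d in domains}


if __name__ == "__main__":
    report = audit(["contoso.com", "www.contoso.com", "old.contoso.com", "shop.contoso.com"],
                   "contoso.com", "contosowebsite.azureedge.net", INVENTORY, sample_lookup)
    for domain, (status, detail) in report.items():
        print(f"{domain:22} {status:9} {detail}")
```

With the sample zone, `contoso.com` and `www.contoso.com` come out as mapped, `old.contoso.com` as dangling (its CNAME target is Azure-managed but absent from the inventory) and `shop.contoso.com` as unmapped. The apex comparison is by address set rather than by name, which is the only signal a resolver exposes for an ANAME; if the provider's API exposes the alias target directly, that name can be checked against the inventory the same way the CNAME hops are.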

@Arun-Mudiraj has this been fixed in subsequent updates?

Can I contribute to the project?

@2021H1030039G Contributions are welcome under the contribution guidelines