DNS
Colby Farley edited this page Apr 7, 2026 · 3 revisions
dns is the zone-first namespace command for public and private DNS posture.
Use it when you need to know which namespaces matter before you worry about individual record dumps.
- Which public or private zones deserve review first?
- Which namespace most changes exposure or internal service trust?
- Which zones are externally meaningful, privately central, or otherwise more important than the rest?
```
azurefox dns --output table
```

For saved structured output:

```
azurefox dns --output json
```

| zone | kind | inventory | namespace |
|---|---|---|---|
| corp.example.com | public | records=9/10000 | ns=4 |
| partner.example.net | public | records=4/10000 | ns=4 |
| privatelink.database.windows.net | private | records=6/25000 | vnet-links=2; reg-links=1; pe-refs=2 |
- when namespace posture matters more than individual records
- when public delegation or private-link anchoring may change how you interpret service exposure
- when you need to rank zones before any deeper zone-specific review
- clearly public zones with external relevance
- private zones tied to many VNets or private endpoints
- namespaces that anchor database, private-link, or central internal service access
- enough public-versus-private context to make the reason for priority obvious
DNS zones can reveal both exposure and internal trust boundaries.
A public zone shapes external attack-surface context. A private zone tied to many VNets or private
endpoints can show where important internal service access paths live. dns helps you rank the
namespaces that matter first without turning into a record dump.
- public zones when they are clearly externally meaningful
- private zones with stronger private endpoint and VNet linkage
- namespace posture that changes exposure or service trust
- enough context to explain why the zone is near the top
- If you see a public zone backing an external-looking namespace, go next to Endpoints because it helps connect that namespace to the assets AzureFox already sees exposing hostnames or public IPs.
- If you see a private zone with many VNet or private endpoint links, go next to Resource-Trusts because it shows which private-service trust boundaries matter behind that namespace.
- If you see `privatelink.database.windows.net` or another database private-link namespace, go next to Databases because it shows the database servers anchored to that private namespace.
- Start with the namespaces that most affect exposure or internal service access.
- Use public zones to prioritize ingress follow-up and private zones to prioritize trust-boundary follow-up.
- Treat the namespace as the anchor that tells you which service family matters next.
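The follow-up rules above can be applied mechanically to rows like the ones in the sample table. The sketch below is an added example, not AzureFox code: the row tuples are copied from the sample table on this page, while `MANY_LINKS`, the name-based database private-link check, and treating every public zone as externally meaningful are assumptions made for illustration.

```python
import re

# Rows copied from the sample table on this page: (zone, kind, inventory, namespace).
SAMPLE_ROWS = [
    ("corp.example.com", "public", "records=9/10000", "ns=4"),
    ("partner.example.net", "public", "records=4/10000", "ns=4"),
    ("privatelink.database.windows.net", "private", "records=6/25000",
     "vnet-links=2; reg-links=1; pe-refs=2"),
]

# Assumption: the page does not define "many" links; this threshold is illustrative.
MANY_LINKS = 3


def parse_fields(cell):
    """Turn 'vnet-links=2; reg-links=1' into {'vnet-links': 2, 'reg-links': 1}.

    For 'records=9/10000' only the count before the slash is kept.
    """
    fields = {}
    for part in cell.split(";"):
        m = re.fullmatch(r"\s*([\w-]+)=(\d+)(?:/\d+)?\s*", part)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields


def next_guides(zone, kind, namespace):
    """Map one table row to the follow-up guides named in the list above."""
    ns = parse_fields(namespace)
    guides = []
    if kind == "public":
        # Assumption: every public zone is treated as externally meaningful.
        guides.append("Endpoints")
    if kind == "private":
        # Assumption: a database private-link zone is recognised by its name.
        if zone.startswith("privatelink.") and "database" in zone:
            guides.append("Databases")
        if ns.get("vnet-links", 0) + ns.get("pe-refs", 0) >= MANY_LINKS:
            guides.append("Resource-Trusts")
    return guides


def triage(rows):
    """Return {zone: [guides]}, keeping the row order the tool produced."""
    return {zone: next_guides(zone, kind, nsp) for zone, kind, _inv, nsp in rows}


if __name__ == "__main__":
    for zone, guides in triage(SAMPLE_ROWS).items():
        print(f"{zone}: {', '.join(guides) or 'no follow-up rule matched'}")
```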
dns is a zone-level posture command.
It should rank namespaces that deserve follow-up first. It is not a record export or live resolution workflow.