This is a small library of PowerShell scripts written to interact with Azure DNS zones. There are two scripts currently: one to bulk import records into a DNS zone and one to bulk remove records from a DNS zone.

Getting Started

These PowerShell scripts rely on the Az PowerShell module. If you currently have the AzureRM module installed, please follow the above link to learn how to upgrade to the new module.


Az PowerShell Module

Install-Module -Name Az -AllowClobber



This script bulk imports zone records into an Azure DNS Zone using a csv file.

If the DNS Zone does not exist in the selected subscription, the script will prompt to automatically create the domain.

If a record already exists in Azure and the record type allows additional records (e.g., TXT), the script will append the new value to the existing record set and submit it. If it can't be appended, as with an A record, it will output an error.

Let's get real. I wrote this script to move away from a company called Peer 1. They allowed duplicate CNAME and A records, which is technically not allowed. Because of this, I have a check in here to avoid an Azure error that I'd like to talk about. If you have a duplicate CNAME and A record, the script will favor CNAMEs over A records, so check your logs. This was a requirement for us since we needed to point to deployment slots in web apps, which are URL-based. You will get detailed logs of why a CNAME or A was picked or skipped, so check the output.


The csv file should have the following headers:

  • name -- The record name (@, *, www, etc)
  • ttl -- Time to Live
  • type -- Record Type (CNAME, A, TXT, etc)
  • options -- Options for special records, like priority for MX
  • value -- Record Value


MigrateZones -FileName <string> -ResourceGroupName <string> [-SubscriptionId <string>] [-OverrideDomainName <string>] [-DefaultTtl <int32>] [-IpFilterSource <string>] [-Force]



-FileName: The file name of the csv for bulk importing. This file needs the headers mentioned above. The script will error out if a header is not found or if the headers are wrong. By default, the filename can be the target DNS zone name (i.e., the domain). For example, "" can be inferred from "".

For the record name, it is ok to have the full host name in there (ex. It will strip from the host name and just select www as the record name.


-ResourceGroupName: Resource group the DNS zone belongs to.


-OverrideDomainName: Supplying a domain name to this parameter will make the script ignore inferring the domain from the filename.


-DefaultTtl: Specify a value for the TTL when it is missing in the csv field. This parameter is optional and defaults to 1 hour.


-Force: Forces yes answers to the dialogs. There are 2 possible dialogs: one to confirm the domain if it was inferred from the filename and one to create a DNS zone that doesn't exist.


-IpFilterSource: Specify an IP or just a prefix to filter out records you do not want to migrate. I used this because I didn't want to migrate dead records, which in my case, all started with the same network part.


-SubscriptionId: Optional parameter to select a subscription id upon Azure login.


The script outputs info, warning, and error lines depending upon the result of an Azure command. You can pipe this to a file if you'd like. It logs every action it takes.


Given the following csv file as

name,ttl,type,options,value
,300,A,,
,300,A,,
,3600,A,,
,,CNAME,,
,3600,TXT,,
,3600,MX,priority: 10,
,,CNAME,,

We can run:

./MigrateDomains.ps1 -ResourceGroupName example-prod -FileName

This will infer the domain from the file name and import the records into the DNS Zone. This is the simplest way to run the script.

With results in Azure showing:

Name  Type   Ttl   Options  Record
@     A      300
mail  A      300
news  A      3600
www   CNAME  3600
@     TXT    3600
      MX     3600  10

Notice the bold TTL in the table above for the CNAME entry. In the csv, it was missing, so the default TTL was used.

Also notice that the last CNAME entry from the csv file is not in the list. It will have produced an error in the output because there is a matching A record for "@".
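
A pre-flight check that can be run on the csv before an import, as an added example that is not part of this repository's scripts: it normalizes record names and TTLs the way the parameters above describe, and flags every name where a CNAME shares a name with another record set or sits at the apex, which is the situation the last CNAME row runs into. The function name Test-ZoneCsv, the zone example.test and the sample rows are constructed for illustration; the check only reports conflicts and does not reproduce the script's own CNAME/A selection.

```powershell
# Added example, not the repository's code. Sample rows are constructed.
$csv = @'
name,ttl,type,options,value
example.test,300,A,,192.0.2.10
mail.example.test,300,A,,192.0.2.20
www,,CNAME,,app.example.net
example.test,3600,TXT,,v=spf1 -all
www.example.test,300,A,,192.0.2.30
@,,CNAME,,app.example.net
'@

function Test-ZoneCsv {
    param(
        [Parameter(Mandatory)] [string] $CsvText,
        [Parameter(Mandatory)] [string] $Zone,
        [int] $DefaultTtl = 3600   # 1 hour, the default the README states
    )
    $rows = foreach ($r in ($CsvText | ConvertFrom-Csv)) {
        # Reduce a full host name to the relative record name; the apex becomes "@".
        $name = $r.name.Trim().TrimEnd('.').ToLowerInvariant()
        if ($name -eq $Zone) { $name = '@' }
        elseif ($name -like "*.$Zone") {
            $name = $name.Substring(0, $name.Length - $Zone.Length - 1)
        }
        [pscustomobject]@{
            Name  = $name
            Type  = $r.type.Trim().ToUpperInvariant()
            Ttl   = if ($r.ttl) { [int]$r.ttl } else { $DefaultTtl }
            Value = $r.value
        }
    }
    # A CNAME may not share a name with any other record set (RFC 1034, 3.6.2),
    # and the apex always carries SOA/NS, so a CNAME at "@" cannot be created.
    $conflicts = $rows | Group-Object Name | Where-Object {
        $types = @($_.Group.Type | Sort-Object -Unique)
        $types -contains 'CNAME' -and ($types.Count -gt 1 -or $_.Name -eq '@')
    } | ForEach-Object Name
    # Emit every normalized row with a flag the operator can filter on.
    $rows | Select-Object *, @{ n = 'CnameConflict'; e = { $conflicts -contains $_.Name } }
}

Test-ZoneCsv -CsvText $csv -Zone 'example.test' | Format-Table -AutoSize
```

With the constructed rows, every "@" and "www" row is flagged and "mail" is not. Reviewing the flagged names before the import makes it easier to match them against the CNAME/A decisions the script logs.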



This script will clear records from a DNS zone in Azure based on an optional type filter. It automatically ignores SOA and NS records.




ClearAllDnsRecords -ResourceGroupName <string> -DnsZoneName <string> [-SubscriptionId <string>] [-RecordTypes <string>]



-ResourceGroupName: The resource group the DNS zone belongs to.


-DnsZoneName: The DNS zone name for the target zone to remove records from.


-SubscriptionId: Optionally specify the subscription for this zone.


-RecordTypes: Comma-separated values of record types to filter by. This parameter is optional and, if omitted, all record types will be selected.


The script outputs info, warning, and error lines depending upon the result of an Azure command. You can pipe this to a file if you'd like. It logs every action it takes.


We can run:

./ClearAllDnsRecords.ps1 -ResourceGroupName example-prod -RecordTypes "MX,A"

This will grab all records that have an MX or A type and remove them. If we have the above records from, we would remove the below:

Name Type Ttl Options Record
www CNAME 3600
@ TXT 3600



This script will query a specified list of name servers until a record value is found and then write the results to a csv. The purpose was to validate, after migrating zones, that the URLs still resolved to the same destinations. Keeping the original csv format, this will produce a new file as a report showing which name server the URL was resolved by (if any) and what the value was.

If you specify a values column, the script will compare all TXT entries for TXT queries and output the match, if there is one. If not, it will output the entire TXT value.


This tool uses the same csv file format as MigrateZones.ps1. See above table for definition. The following headers must be present:

  • name
  • type


DigDomains.ps1 -FileName <string> [-AzureNameServers <string>]



-FileName: The csv filename for which you want to run DNS queries against.


-AzureNameServers: You can use a comma-separated list of Azure DNS servers if you know ahead of time which ones you want to test. If you omit this parameter, the DNS servers 1-7 will be used.


We can run:

./DigDomains.ps1 -FileName -AzureNameServers ","

This will run the report on only 2 Azure name servers. It will output the report to


Tools for Working with Azure DNS Zones



