MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Misleading Documentation on Custom Host Names #119383

Closed Gamecock closed 5 months ago

Gamecock commented 5 months ago

This warning is misleading:

> While it's not absolutely required to add the TXT record, it's highly recommended for security. The TXT record is a domain verification ID that helps avoid subdomain takeovers from other App Service apps. For custom domains you previously configured without this verification ID, you should protect them from the same risk by adding the verification ID (the TXT record) to your DNS configuration. For more information on this common high-severity threat, see Subdomain takeover.

Both the portal and az cli require a TXT record. It is required by Azure.


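The check the quoted warning implies, as an added example that is not part of this thread or of Microsoft's documentation: it audits a zone export for CNAMEs that point at App Service and reports whether each has a matching verification TXT record. The `asuid.<subdomain>` record name and the `.azurewebsites.net` suffix are Azure conventions assumed here (the thread names neither); the zone data and verification ID are constructed, and only CNAME-mapped subdomains are covered.

```python
import re

# Assumptions: App Service default hostname suffix and the "asuid." TXT label
# follow Azure's convention; neither is named in the thread itself.
APP_SERVICE_SUFFIX = ".azurewebsites.net"
EXPECTED_ID = "0123ABCD-CONSTRUCTED-VERIFICATION-ID"  # constructed placeholder

# Constructed sample zone export; not taken from a real domain.
SAMPLE_ZONE = """\
www        IN CNAME contoso-web.azurewebsites.net.
asuid.www  IN TXT   "0123ABCD-CONSTRUCTED-VERIFICATION-ID"
shop       IN CNAME contoso-shop.azurewebsites.net.   ; no TXT record at all
blog       IN CNAME contoso-blog.azurewebsites.net.
asuid.blog IN TXT   "SOME-OTHER-ID"
mail       IN CNAME mail.example.net.
"""

RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(CNAME|TXT)\s+(.+)$", re.I)

def parse_zone(text):
    """Return (cnames, txts): name -> target, and name -> set of TXT values."""
    cnames, txts = {}, {}
    for raw in text.splitlines():
        # Drop ';' comments (sample TXT values contain no semicolons).
        m = RECORD.match(raw.split(";", 1)[0].strip())
        if not m:
            continue
        name, rtype = m.group(1).lower().rstrip("."), m.group(2).upper()
        value = m.group(3).strip()
        if rtype == "CNAME":
            cnames[name] = value.lower().rstrip(".")
        else:
            txts.setdefault(name, set()).add(value.strip('"').lower())
    return cnames, txts

def audit(zone_text, verification_id):
    """Map each App Service CNAME to 'ok', 'missing' or 'mismatch'."""
    cnames, txts = parse_zone(zone_text)
    report = {}
    for name, target in cnames.items():
        if not target.endswith(APP_SERVICE_SUFFIX):
            continue  # not an App Service mapping
        values = txts.get("asuid." + name)
        if not values:
            report[name] = "missing"
        elif verification_id.lower() in values:
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report

if __name__ == "__main__":
    for host, status in audit(SAMPLE_ZONE, EXPECTED_ID).items():
        print(f"{host}: {status}")
```
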

AjayBathini-MSFT commented 5 months ago

@Gamecock Thanks for your feedback! We will investigate and update as appropriate.

BryanTrach-MSFT commented 5 months ago

@Gamecock Can you please expand upon the part about it not being required by the portal or CLI but is required by Azure?

Are you trying to say while it's not technically required, it is a security best practice to use the txt record?

Gamecock commented 5 months ago

> @Gamecock Can you please expand upon the part about it not being required by the portal or CLI but is required by Azure?
>
> Are you trying to say while it's not technically required, it is a security best practice to use the txt record?

I got mixed up between "Both require a txt record" and "Neither allow creating without a txt record". Sorry :(.

BryanTrach-MSFT commented 5 months ago

@Gamecock No worries! I hope you have a great week ahead.

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

Gamecock commented 5 months ago

@BryanTrach-MSFT The documentation needs to be updated from "While it's not absolutely required to add the TXT record, it's highly recommended for security." to "Azure requires adding the TXT record for security purposes." or words to that effect. I wasted an hour or two trying to figure out how to do it without putting in an internal support ticket.

Thanks, Mike