Add new API version for DNS resolver with DNS security policy changes for 2025-05-01

[jamesvoongms]

ARM (Control Plane) API Specification Update Pull Request

This is a PR that builds on our 2023-07-01-preview that introduces four new resources into the dnsresolver module.

The preview version added a new json containing an upcoming feature for DNS Security Policy. It also changes the existing API spec to use common types v5 from v2.

The changes from the preview version adds a new POST request for one of the resource DNS resolver domain list which allows a user to specify a storage URL for uploading or downloading domain lists (list of domains used by allowing or blocking DNS requests).

Previous Public Preview Review -> #30707
Other azure-rest-api-spec-pr change reviews for additions since last version:
https://github.com/Azure/azure-rest-api-specs-pr/pull/21053
https://github.com/Azure/azure-rest-api-specs-pr/pull/22230
https://github.com/Azure/azure-rest-api-specs-pr/pull/22287

Tip

Overwhelmed by all this guidance? See the Getting help section at the bottom of this PR description.

PR review workflow diagram

Please understand this diagram before proceeding. It explains how to get your PR approved & merged.

Purpose of this PR

What's the purpose of this PR? Check the specific option that applies. This is mandatory!

• New resource provider.
• New API version for an existing resource provider. (If API spec is not defined in TypeSpec, the PR should have been created in adherence to OpenAPI specs PR creation guidance).
• Update existing version for a new feature. (This is applicable only when you are revising a private preview API version.)
• Update existing version to fix OpenAPI spec quality issues in S360.
• Convert existing OpenAPI spec to TypeSpec spec (do not combine this with implementing changes for a new API version).
• Other, please clarify:
  • edit this with your clarification

Due diligence checklist

To merge this PR, you must go through the following checklist and confirm you understood
and followed the instructions by checking all the boxes:

• I confirm this PR is modifying Azure Resource Manager (ARM) related specifications, and not data plane related specifications.
• I have reviewed following Resource Provider guidelines, including
  ARM resource provider contract and
  REST guidelines (estimated time: 4 hours).
  I understand this is required before I can proceed to the diagram Step 2, "ARM API changes review", for this PR.
• A release plan has been created. If not, please create one as it will help guide you through the REST API and SDK creation process. (https://apps.powerapps.com/play/e/ed2ffefd-774d-40dd-ab23-7fff01aeec9f/a/821ab569-ae60-420d-8264-d7b5d5ef734c?tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47)

Additional information

Viewing API changes

For convenient view of the API changes made by this PR, refer to the URLs provided in the table
in the Generated ApiView comment added to this PR. You can use ApiView to show API versions diff.

Suppressing failures

If one or multiple validation error/warning suppression(s) is detected in your PR, please follow the
suppressions guide to get approval.

Getting help

• First, please carefully read through this PR description, from top to bottom. Please fill out the Purpose of this PR and Due diligence checklist.
• If you don't have permissions to remove or add labels to the PR, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories
• To understand what you must do next to merge this PR, see the Next Steps to Merge comment. It will appear within few minutes of submitting this PR and will continue to be up-to-date with current PR state.
• For guidance on fixing this PR CI check failures, see the hyperlinks provided in given failure
  and https://aka.ms/ci-fix.
• For help with ARM review (PR workflow diagram Step 2), see https://aka.ms/azsdk/pr-arm-review.
• If the PR CI checks appear to be stuck in queued state, please add a comment with contents /azp run.
  This should result in a new comment denoting a PR validation pipeline has started and the checks should be updated after few minutes.
• If the help provided by the previous points is not enough, post to https://aka.ms/azsdk/support/specreview-channel and link to this PR.

[openapi-pipeline-app]

Next Steps to Merge

Next steps that must be taken to merge this PR:

• ❌ This PR is in purview of the ARM review (label: ARMReview). This PR must get ARMSignedOff label from an ARM reviewer.
  This PR has ARMChangesRequested label. Please address or respond to feedback from the ARM API reviewer.
  When you are ready to continue the ARM API review, please remove the ARMChangesRequested label.
  Automation should then add WaitForARMFeedback label.
  ❗If you don't have permissions to remove the label, request write access per aka.ms/azsdk/access#request-access-to-rest-api-or-sdk-repositories.
  For details of the ARM review, see aka.ms/azsdk/pr-arm-review
  

[openapi-pipeline-app]

PR validation pipeline restarted successfully. If there is ApiView generated, it will be updated in this comment.

[jamesvoongms]

The linting seems to be incorrect? The four files referenced in the error are in the swagger spec

[jamesvoongms]

/azp run

[azure-pipelines]

You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list.

[github-actions]

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Language	API Review for Package
Go	sdk/resourcemanager/dnsresolver/armdnsresolver

[github-actions]

API Change Check

APIView identified API level changes in this PR and created the following API reviews

Language	API Review for Package
Go	sdk/resourcemanager/dnsresolver/armdnsresolver

[TimLovellSmith]

@jamesvoongms so do I understand right that all the changes here have already been ARM reviewed in one PR or another?

[TimLovellSmith]

domainsUrl

I'm curious about why a domainsUrl is a relative uri. Or is it more of a resource id? In which case why call it an url?

[TimLovellSmith]

don't see any real problem here anyway

[TimLovellSmith]

I think I'm still confused about why the 'dns resolver domain links get bulk domains operation" gets you a domains url which is itself...
isn't it just ANOTHER get bulk domains operation?
if this is the uRL?

      "domainsUrl": "/subscriptions/abdd4249-9f34-4cc6-8e42-c2e32110603e/resourceGroups/sampleResourceGroup/providers/Microsoft.Network/dnsResolverDomainLists/sampleDnsResolverDomainList/bulk",

is this as recursive as it sounds??

[TimLovellSmith]

properties

Is it a good example?
Why would there be no properties supplied in a bulk put example?
Would that create anything?

[TimLovellSmith]

bulk

API design
just having one action called 'bulk' seems confusing to me - compared to having separate actions 'bulkDownload' and 'bulkUpload'?

Do you think its better for some reason?

[TimLovellSmith]

you might want to mention whether its possible to have both of these properties or if they're exclusive?

[TimLovellSmith]

this example looks really similar to the non bulk 'DnsResolverDomainList_Get.json.

Whats the difference between these two examples? Are they supposed to be the same, or different apis?

---

Refers to: specification/dnsresolver/resource-manager/Microsoft.Network/stable/2025-05-01/examples/DnsResolverDomainList_BulkDomains_Get.json:34 in 6035cbc. [](commit_id = 6035cbc, deletion_comment = False)

[TimLovellSmith]

Would appreciate some further explanation of this api