services / Azure / DNS SRV record set

An authoritative DNS SRV record set within an Azure public DNS zone. SRV records advertise the host and port that back named services (e.g. SIP, LDAP, autodiscover) for the domain.

DNS record data is published and resolvable by design (public); write/delete control determines where service-discovery clients are routed.


Microsoft.Network/dnszones/SRV/delete

Deleting the SRV record set removes the service-location records, so dependent clients can no longer resolve the named services, causing a denial of service.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.Network
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog