services / Azure / DNS SRV record set
An authoritative DNS SRV record set within an Azure public DNS zone. SRV records advertise the host and port that back named services (e.g. SIP, LDAP, autodiscover) for the domain.
DNS record data is public by design: it is published and resolvable by anyone. Write and delete control over the record set determines where service-discovery clients are routed.
Microsoft.Network/dnszones/SRV/delete
Deleting the SRV record set removes the service-location records, so dependent clients can no longer resolve the named services, causing a denial of service.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog