Azure DNS × WAB Discovery

Enable or disable the WAB DNS Discovery TXT record on any Azure DNS zone via the Azure DNS REST API.

ℹ Bearer token required. Generate via: az account get-access-token --resource https://management.azure.com/ or use a Service Principal with the DNS Zone Contributor role. Token expires in ~60 minutes.

1. Authentication

Azure Bearer Token (stays in browser memory)

Quick command: az account get-access-token --resource https://management.azure.com/ --query accessToken -o tsv

2. Subscription, Resource Group, Zone

Subscription ID

Resource Group

DNS Zone Name

Domain (usually same as zone)

Endpoint URL (blank = auto)

3. Actions

Code Snippets

Azure CLI

PowerShell

Terraform

# Enable
az network dns record-set txt add-record \
  --resource-group my-rg \
  --zone-name example.com \
  --record-set-name _wab \
  --value "v=wab1; endpoint=https://example.com/.well-known/wab.json"

# Disable
az network dns record-set txt delete \
  --resource-group my-rg \
  --zone-name example.com \
  --name _wab \
  --yes

# PowerShell with Az.Dns module
$txt = New-AzDnsRecordConfig -Value "v=wab1; endpoint=https://example.com/.well-known/wab.json"
New-AzDnsRecordSet `
  -Name "_wab" -RecordType TXT -Ttl 3600 `
  -ZoneName "example.com" -ResourceGroupName "my-rg" `
  -DnsRecords $txt

# Disable
Remove-AzDnsRecordSet -Name "_wab" -RecordType TXT `
  -ZoneName "example.com" -ResourceGroupName "my-rg" -Confirm:$false

resource "azurerm_dns_txt_record" "wab_discovery" {
  name                = "_wab"
  zone_name           = "example.com"
  resource_group_name = "my-rg"
  ttl                 = 3600

  record {
    value = "v=wab1; endpoint=https://example.com/.well-known/wab.json"
  }
}

Required Role

Use the built-in DNS Zone Contributor role scoped to the zone (or RG). Required actions:

Microsoft.Network/dnsZones/TXT/read
Microsoft.Network/dnsZones/TXT/write
Microsoft.Network/dnsZones/TXT/delete

← Provider Onboarding · Cloudflare · Route 53 · Google Cloud DNS · DNS Discovery