"az network dns zone export" fails with empty TXT records

[mikeclayton]

Describe the bug

Attempting to export a DNS zone with a TXT record that has an empty value results in the following error:

The command failed with an unexpected error. Here is the traceback:
'txt'
Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 663, in execute
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 697, in _run_job
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 333, in __call__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/custom.py", line 2633, in export_zone
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/zone_file/make_zone_file.py", line 96, in make_zone_file
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/zone_file/record_processors.py", line 134, in process_txt
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/network/zone_file/record_processors.py", line 55, in _quote_field
KeyError: 'txt'
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues

Related command

az network dns zone export
    --subscription   "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    --resource-group "my-dns"
    --name           "my.dns.zone"

Errors

See error in description above.

Issue script & Debug output

Set up a test environment

This script sets up a new dns zone with an empty TXT record so we can reproduce the issue, but you can create the zone and empty TXT record manually in a browser via https://portal.azure.com as well...

# set up some variables for the script
$subscriptionId        = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
$resourceGroupName     = "my-dns";
$zoneName              = "my.dns.zone";
$recordType            = "TXT";
$relativeRecordSetName = "@";
$apiVersion            = "2023-07-01-preview";

# create a new dns zone so we've got a clean environment to test
$azZone = New-AzDnsZone `
    -ResourceGroupName $resourceGroupName `
    -Name              $zoneName;

# add a TXT recordset with an empty value
#
# note that neither "az cli" nor the Az PowerShell cmdlets will let us create
# a TXT record with an empty value - they both throw parameter validation
# errors, so we have to either create it manually in a browser at
# https://portal.azure.com or invoke the raw rest api using "az rest" which
# *do* allow empty values.
#
# see:
#   https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-rest
#   https://learn.microsoft.com/en-us/rest/api/dns/record-sets/create-or-update?tabs=HTTP#create-txt-recordset

$resourceId = `
    "/subscriptions/$subscriptionId" +
    "/resourceGroups/$resourceGroupName" +
    "/providers/Microsoft.Network" +
    "/dnsZones/$zoneName" +
    "/$recordType/$relativeRecordSetName";

# using Chrome's F12 dev tools shows this body is what https://portal.azure.com sends
# when creating an empty TXT record manually in a browser
$restBody = @{
  "id"         = $resourceId
  "name"       = "@"
  "type"       = "Microsoft.Network/dnszones/TXT"
  "properties" = @{
    "TTL"            = 3600
    "targetResource" = $null
    "ARecords"       = $null
    "AAAARecords"    = $null
    "caaRecords"     = $null
    "CNAMERecord"    = $null
    "MXRecords"      = $null
    "NSRecords"      = $null
    "SOARecord"      = $null
    "SRVRecords"     = $null
    "TXTRecords"     = $null
    "PTRRecords"     = $null
  }
} | ConvertTo-Json -Depth 99 -Compress;
$restBody = $restBody.Replace('"', '\"');

az rest `
  --uri     "https://management.azure.com$($resourceId)?api-version=$apiVersion" `
  --method  "PUT" `
  --headers "Content-Type=application/json" `
  --body    $restBody `
  --debug

Result of setup script

The setup script creates a TXT record with an empty value - the portal renders a hyphen - to indicate an empty value.

Reproduce the issue

With the environment set up with an empty TXT record using the above script, this command reproduces the error:

az network dns zone export `
  --subscription   $subscriptionId `
  --resource-group $resourceGroupName  `
  --name           $zoneName

Expected behavior

The DNS zone gets serialized properly to text, including an empty TXT record.

Environment Summary

azure-cli                         2.52.0

core                              2.52.0
telemetry                          1.1.0

Dependencies:
msal                            1.24.0b1
azure-mgmt-resource             23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory '********'

Python (Windows) 3.10.10 (tags/v3.10.10:aad5f6a, Feb  7 2023, 17:20:36) [MSC v.1929 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

Additional context

There are other duplicate issues reported but have been closed with workarounds that I can't use:

• can't export dns zone #23645
• Cannot Export Azure DNS Zone (multiple Azure CLI versions) #27021

The suggested resolution for these was to delete the empty TXT record, but I don't have this option as I don't have jurisdiction over the DNS configuration

And a similar issue:

• Error while running az network dns zone export command #27391 - coincidentally raised a very short time ago. Affects AAAA and CNAME records, but It's probably got the same root cause based around handling empty values for fields

[yonzhan]

Thank you for opening this issue, we will look into it.

[azure-client-tools-bot-prd]

Hi @mikeclayton
Find similar issue #23645.

Issue title	can't export dns zone
Create time	2022-08-23
Comment number	4

Possible solution:
The error is caused by the null value of type "txt" in the DNS zone. The suggested resolution for the previous issue was to delete the empty TXT record, but if you don't have jurisdiction over the DNS configuration, you can still export the DNS zone with the empty TXT record. However, you will need to delete the empty TXT record in the exported file.

---

Please confirm if this resolves your issue.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.