An conflict may occur in Azure DNS if two people or two processes try to modify a DNS record at the same time. How can you it determine which one wins? And does the winner know that they’ve just overwritten changes created by someone else?
Azure DNS uses Etags to handle concurrent changes to the same resource safely. Each DNS resource (zone or record set) has an Etag associated with it. Whenever a resource is retrieved, its Etag is also retrieved. When updating a resource, you(or the creator of DNS record) have the option to pass back the Etag so Azure DNS can verify that the Etag on the server matches. Since each update to a resource results in the Etag being regenerated, an Etag mismatch indicates a concurrent change has occurred. Etags are also used when creating a new resource to ensure that the resource does not already exist.
By default, Azure DNS PowerShell uses Etags to block concurrent changes to zones and record sets. The optional -Overwrite switch can be used to suppress Etag checks, in which case any concurrent changes that have occurred will be overwritten.
At the level of the Azure DNS REST API, Etags are specified using HTTP headers. Their behavior is given in the following table:
|None||PUT always succeeds (no Etag checks)|
|If-match||PUT only succeeds if resource exists and Etag matches|
|If-match *||PUT only succeeds if resource exists|
|If-none-match *||PUT only succeeds if resource does not exist|