Cloud DNS Without DNSSEC
- Query id: 80b15fb1-6207-40f4-a803-6915ae619a03
- Query name: Cloud DNS Without DNSSEC
- Platform: Ansible
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description
DNSSEC must be enabled for Cloud DNS
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
# Vulnerable: no dnssec_config block at all
- name: create a managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Vulnerable: dnssec_config is present but has no state
- name: create a second managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    dnssec_config:
      kind: some_kind
# Vulnerable: DNSSEC is explicitly switched off
- name: create a third managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    dnssec_config:
      kind: some_kind
      # quoted so YAML 1.1 loaders keep the string instead of a boolean
      state: "off"
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
# Compliant: DNSSEC is explicitly switched on
- name: create a managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    dnssec_config:
      kind: some_kind
      # quoted so YAML 1.1 loaders keep the string instead of a boolean
      state: "on"
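
The check these samples exercise, written out as an added example (not the query's own code and not taken from this page): it reports the three failing shapes shown above and, going one step beyond them, a `state` that a YAML 1.1 loader turned into a boolean. It assumes tasks arrive as already-parsed dicts; `check_task`, `scan`, `zone` and `SAMPLE` are hypothetical names.

```python
# Added example: flags gcp_dns_managed_zone tasks whose DNSSEC is not on.
# Input is a list of task dicts, as a YAML loader returns for a task file.
MODULES = ("google.cloud.gcp_dns_managed_zone", "gcp_dns_managed_zone")


def check_task(task):
    """Return a finding for one task, or None if it passes or is unrelated."""
    args = next((task[m] for m in MODULES if isinstance(task.get(m), dict)), None)
    if args is None:
        return None  # not a managed-zone task
    dnssec = args.get("dnssec_config")
    if not isinstance(dnssec, dict):
        return "dnssec_config is missing"
    if "state" not in dnssec:
        return "dnssec_config.state is missing"
    state = dnssec["state"]
    if isinstance(state, bool):
        # YAML 1.1 loaders such as PyYAML turn unquoted on/off into True/False.
        return "dnssec_config.state is a YAML boolean; quote it as a string"
    if str(state).lower() != "on":
        return "dnssec_config.state is %r, expected 'on'" % state
    return None


def scan(tasks):
    """Return (task name, finding) pairs for every failing task."""
    findings = []
    for task in tasks:
        finding = check_task(task)
        if finding:
            findings.append((task.get("name", "<unnamed>"), finding))
    return findings


def zone(name, **extra):
    """Build a task dict shaped like the page's samples (hypothetical helper)."""
    args = {"name": "test_object", "dns_name": "test.somewild2.example.com.",
            "project": "test_project", "state": "present"}
    args.update(extra)
    return {"name": name, "google.cloud.gcp_dns_managed_zone": args}


# Constructed sample input mirroring the page's positive and negative tasks.
SAMPLE = [
    zone("create a managed zone"),
    zone("create a second managed zone", dnssec_config={"kind": "some_kind"}),
    zone("create a third managed zone", dnssec_config={"kind": "some_kind", "state": "off"}),
    zone("unquoted state", dnssec_config={"kind": "some_kind", "state": True}),
    zone("compliant zone", dnssec_config={"kind": "some_kind", "state": "on"}),
    {"name": "unrelated task", "ansible.builtin.debug": {"msg": "hi"}},
]
```
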