DNSSEC Using RSASHA1

  • Query id: 6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35
  • Query name: DNSSEC Using RSASHA1
  • Platform: GoogleDeploymentManager
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

DNSSEC should not use the RSASHA1 algorithm
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: dns
  type: dns.v1.managedZone
  properties:
    name: my-zone
    dnssecConfig:
      state: "on"
      defaultKeySpecs:
        - algorithm: rsasha1

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: dns2
  type: dns.v1.managedZone
  properties:
    name: my-zone2
    dnssecConfig:
      state: "on"
      defaultKeySpecs:
        - algorithm: rsasha256
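
The same check expressed in Python over already-parsed YAML, as an added example that is not the KICS query itself. The function name `find_weak_dnssec`, the resources `dns3`, `dns4` and `vm`, and their values are constructed for illustration; `dns` and `dns2` are the two samples above.

```python
# Added example: flag Deployment Manager managed zones whose DNSSEC
# defaultKeySpecs request the RSASHA1 algorithm.
WEAK_ALGORITHMS = {"rsasha1"}
ZONE_TYPE = "dns.v1.managedZone"


def find_weak_dnssec(config):
    """Return (resource name, key-spec index, algorithm) per weak key spec."""
    findings = []
    for resource in config.get("resources") or []:
        if resource.get("type") != ZONE_TYPE:
            continue  # only managed zones carry dnssecConfig
        # Every level may be missing or null in real templates.
        dnssec = (resource.get("properties") or {}).get("dnssecConfig") or {}
        for index, spec in enumerate(dnssec.get("defaultKeySpecs") or []):
            algorithm = str((spec or {}).get("algorithm", "")).lower()
            if algorithm in WEAK_ALGORITHMS:
                findings.append((resource.get("name"), index, algorithm))
    return findings


# Constructed input: what a YAML parser would return for the page's samples,
# plus three extra resources that exercise the edge cases.
SAMPLE = {
    "resources": [
        {"name": "dns", "type": ZONE_TYPE, "properties": {
            "name": "my-zone",
            "dnssecConfig": {"state": "on",
                             "defaultKeySpecs": [{"algorithm": "rsasha1"}]}}},
        {"name": "dns2", "type": ZONE_TYPE, "properties": {
            "name": "my-zone2",
            "dnssecConfig": {"state": "on",
                             "defaultKeySpecs": [{"algorithm": "rsasha256"}]}}},
        # Mixed key specs: only the second entry should be reported.
        {"name": "dns3", "type": ZONE_TYPE, "properties": {
            "name": "my-zone3",
            "dnssecConfig": {"state": "on", "defaultKeySpecs": [
                {"keyType": "keySigning", "algorithm": "rsasha256"},
                {"keyType": "zoneSigning", "algorithm": "rsasha1"}]}}},
        # Zone without dnssecConfig, and a non-DNS resource: both skipped.
        {"name": "dns4", "type": ZONE_TYPE, "properties": {"name": "my-zone4"}},
        {"name": "vm", "type": "compute.v1.instance", "properties": None},
    ]
}

if __name__ == "__main__":
    for name, index, algorithm in find_weak_dnssec(SAMPLE):
        print(f"{name}: defaultKeySpecs[{index}] uses {algorithm}")
```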