Cloud DNS Without DNSSEC

  • Query id: 5ef61c88-bbb4-4725-b1df-55d23c9676bb
  • Query name: Cloud DNS Without DNSSEC
  • Platform: Terraform
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

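DNSSEC must be enabled for Cloud DNS managed zones. Without it, resolvers cannot verify that answers for the zone are authentic. In the samples below, the flagged google_dns_managed_zone sets dnssec_config.state to "off" and the passing one sets it to "on".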

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
// Flagged by the query: DNSSEC is explicitly turned off for this zone
resource "google_dns_managed_zone" "positive1" {
  name     = "foobar"
  dns_name = "foo.bar."

  dnssec_config {
    state         = "off"
    non_existence = "nsec3"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "google_dns_managed_zone" "negative1" {
  name     = "foobar"
  dns_name = "foo.bar."

  dnssec_config {
    state         = "on"
    non_existence = "nsec3"
  }
}
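
The same check applied to a Terraform plan, as an added example that is not part of the KICS query or its test files. It assumes the JSON produced by `terraform show -json <planfile>`, where a nested block such as dnssec_config appears as a list of objects. The sample plan is constructed, and reporting a zone that has no dnssec_config block at all is a choice made by this example, not a case the samples above cover.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# reduced to the fields this check reads. positive1/negative1 mirror the
# samples above; "nodnssec" and "removed" are extra constructed cases.
def _zone(label, after, actions=("create",)):
    return {"address": f"google_dns_managed_zone.{label}",
            "type": "google_dns_managed_zone",
            "change": {"actions": list(actions), "after": after}}

SAMPLE_PLAN = json.dumps({"resource_changes": [
    _zone("positive1", {"name": "foobar", "dns_name": "foo.bar.",
          "dnssec_config": [{"state": "off", "non_existence": "nsec3"}]}),
    _zone("negative1", {"name": "foobar", "dns_name": "foo.bar.",
          "dnssec_config": [{"state": "on", "non_existence": "nsec3"}]}),
    _zone("nodnssec", {"name": "plain", "dns_name": "plain.bar.",
          "dnssec_config": []}),
    _zone("removed", None, actions=("delete",)),
    {"address": "google_compute_network.vpc", "type": "google_compute_network",
     "change": {"actions": ["create"], "after": {"name": "vpc"}}},
]})


def find_zones_without_dnssec(plan_json):
    """Return (address, reason) for each planned Cloud DNS zone lacking DNSSEC."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "google_dns_managed_zone":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # zone is being destroyed; nothing left to check
            continue
        blocks = after.get("dnssec_config") or []
        if not blocks:
            # Assumption of this example: a missing block is reported too.
            findings.append((rc["address"], "no dnssec_config block"))
            continue
        state = blocks[0].get("state")
        if state != "on":  # "off", or any value other than "on"
            findings.append((rc["address"], f"dnssec_config.state is {state!r}"))
    return findings


if __name__ == "__main__":
    for address, reason in find_zones_without_dnssec(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```
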