Cloud DNS Without DNSSEC

  • Query id: 313d6deb-3b67-4948-b41d-35b699c2492e
  • Query name: Cloud DNS Without DNSSEC
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

DNSSEC must be enabled for Cloud DNS
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: dns
  type: dns.v1.managedZone
  properties:
    name: my-zone
Positive test num. 2 - yaml file
resources:
- name: dns2
  type: dns.v1.managedZone
  properties:
    name: my-zone2
    dnssecConfig:
      kind: "dns#managedZoneDnsSecConfig"
Positive test num. 3 - yaml file
resources:
- name: dns3
  type: dns.v1.managedZone
  properties:
    name: my-zone3
    dnssecConfig:
      state: "off"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: dns4
  type: dns.v1.managedZone
  properties:
    name: my-zone4
    dnssecConfig:
      state: "on"