DNSSEC Using RSASHA1

• Query id: 6cf4c3a7-ceb0-4475-8892-3745b84be24a
• Query name: DNSSEC Using RSASHA1
• Platform: Ansible
• Severity: Medium
• Category: Encryption
• CWE: 326
• URL: Github

Description

DNSSEC should not use the RSASHA1 algorithm
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: create a managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    dnssec_config:
      defaultKeySpecs:
        algorithm: RSASHA1
      state: off

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: create a managed zone
  google.cloud.gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    dnssec_config:
      defaultKeySpecs:
        algorithm: RSASHA256
      state: off