DNSSEC Using RSASHA1

• Query id: 6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35
• Query name: DNSSEC Using RSASHA1
• Platform: GoogleDeploymentManager
• Severity: Medium
• Category: Encryption
• CWE: 326
• URL: Github

Description

DNSSEC should not use the RSASHA1 algorithm
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

resources:
- name: dns
  type: dns.v1.managedZone
  properties:
    name: my-zone
    dnssecConfig:
      state: "on"
      defaultKeySpecs:
        - algorithm: rsasha1

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

resources:
- name: dns2
  type: dns.v1.managedZone
  properties:
    name: my-zone2
    dnssecConfig:
      state: "on"
      defaultKeySpecs:
        - algorithm: rsasha256