google-dns-enable-dnssec.md

Pattern: Disabled DNSSEC for Google Cloud DNS

Issue: -

Description

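DNSSEC signs the records in a zone so that resolvers can authenticate DNS responses, preventing man-in-the-middle (MITM) attacks and impersonation.

Resolution: Enable DNSSEC by setting state = "on" in the zone's dnssec_config block.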

Examples

Example of incorrect code:

resource "google_dns_managed_zone" "bad_example" {
  name        = "example-zone"
  dns_name    = "example-${random_id.rnd.hex}.com."
  description = "Example DNS zone"
  labels = {
    foo = "bar"
  }
  dnssec_config {
    state = "off"
  }
}

resource "random_id" "rnd" {
  byte_length = 4
}

Example of correct code:

resource "google_dns_managed_zone" "good_example" {
  name        = "example-zone"
  dns_name    = "example-${random_id.rnd.hex}.com."
  description = "Example DNS zone"
  labels = {
    foo = "bar"
  }
  dnssec_config {
    state = "on"
  }
}

resource "random_id" "rnd" {
  byte_length = 4
}
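
The same check can be run against a rendered plan before apply. The following is an added example, not part of the original pattern or the linter's own code: it walks the output of `terraform show -json` and reports public zones whose DNSSEC state is not "on". The sample plan is constructed, and treating a missing dnssec_config block as disabled is an assumption of this example.

```python
# Constructed sample: trimmed shape of `terraform show -json <planfile>` output.
ZONE = "google_dns_managed_zone"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": f"{ZONE}.bad_example", "type": ZONE,
         "values": {"visibility": "public", "dnssec_config": [{"state": "off"}]}},
        {"address": f"{ZONE}.good_example", "type": ZONE,
         "values": {"visibility": "public", "dnssec_config": [{"state": "on"}]}},
        {"address": "random_id.rnd", "type": "random_id",
         "values": {"byte_length": 4}},
    ],
    "child_modules": [{"address": "module.dns", "resources": [
        # Hypothetical zones: one with no dnssec_config block, one private.
        {"address": f"module.dns.{ZONE}.unsigned", "type": ZONE,
         "values": {"visibility": "public", "dnssec_config": []}},
        {"address": f"module.dns.{ZONE}.internal", "type": ZONE,
         "values": {"visibility": "private", "dnssec_config": []}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def zones_without_dnssec(plan):
    """Return (address, state) for public managed zones not set to "on"."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != ZONE:
            continue
        values = res.get("values", {})
        if values.get("visibility") == "private":
            continue  # Cloud DNS offers DNSSEC for public zones only
        blocks = values.get("dnssec_config") or []
        state = blocks[0].get("state") if blocks else None
        if state != "on":  # assumption: a missing block counts as disabled
            findings.append((res["address"], state or "unset"))
    return findings


if __name__ == "__main__":
    for address, state in zones_without_dnssec(SAMPLE_PLAN):
        print(f"{address}: dnssec_config.state is {state}")
```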