---
names:
  full: Azure Network Security Group allows public access to DNS port
  contextual: Security Group allows allows public access to DNS port
description: >
  Ensure that Azure Network Security Groups do not allow unrestricted public access to 
  the DNS port 53. Exposing DNS to the internet from a VM can pose security 
  risks, such as participation in DNS amplification attacks or unauthorized DNS resolution.
type: COMPLIANCE_POLICY
categories:
  - SECURITY
frameworkMappings:
  - "/frameworks/cloudaware/resource-security/network-exposure"