π Google Cloud DNS Managed Zone DNSSEC is not enabled π’
- Contextual name: π Managed Zone DNSSEC is not enabled π’
- ID:
/ce/ca/google/dns/dnssec-settings-for-cloud-dns - Located in: π Google Cloud DNS
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITYRELIABILITY
Similar Policiesβ
- Cloud Conformity
Logicβ
- π§ prod.logic.yaml π’
Descriptionβ
Descriptionβ
Cloud Domain Name System (DNS) is a fast, reliable and cost-effective domain name system that powers millions of domains on the internet. Domain Name System Security Extensions (DNSSEC) in Cloud DNS enables domain owners to take easy steps to protect their domains against DNS hijacking and man-in-the-middle and other attacks.
Rationaleβ
Domain Name System Security Extensions (DNSSEC) adds security to the DNS protocol by enabling DNS responses to be validated. Having a trustworthy DNS that translates a domain name like
www.example.cominto its associated IP address is an increasingly important building block of todayβs web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in-the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.Auditβ
... see more
Remediationβ
Remediationβ
From Google Cloud Consoleβ
- Go to
Cloud DNSby visiting https://console.cloud.google.com/net-services/dns/zones.- For each zone of
Type Public, setDNSSECtoOn.From Google Cloud CLIβ
Use the below command to enable
DNSSECfor Cloud DNS Zone Name.gcloud dns managed-zones update ZONE_NAME --dnssec-state on
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ CIS GCP v3.0.0 β πΌ 3.3 Ensure That DNSSEC Is Enabled for Cloud DNS - Level 1 (Automated) | 1 | |||
| πΌ Cloudaware Framework β πΌ System Configuration | 24 | |||
| πΌ Cloudaware Framework β πΌ Threat Protection | 25 |