Severity: MEDIUM
Source: Trivy/CSPM
CSPM ID: dns-security-enabled
ID: AVD-GCP-0013

Cloud DNS should use DNSSEC

DNSSEC authenticates DNS responses, preventing MITM attacks and impersonation.

Impact

Unverified DNS responses could lead to man-in-the-middle attacks.

Follow the appropriate remediation steps below to resolve the issue.

Enable DNSSEC

resource "google_dns_managed_zone" "good_example" {
  name        = "example-zone"
  dns_name    = "example-${random_id.rnd.hex}.com."
  description = "Example DNS zone"
  labels = {
    foo = "bar"
  }
  dnssec_config {
    state = "on"
  }
}

resource "random_id" "rnd" {
  byte_length = 4
}
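
To check zones that are already deployed, the following added example (not part of the original page and not Trivy's own code) audits JSON shaped like the output of `gcloud dns managed-zones list --format=json` and reports every public zone whose `dnssecConfig.state` is not `on`. The sample zones are constructed; treating a missing `dnssecConfig` as off, defaulting `visibility` to public, and skipping private zones are assumptions of this example.

```python
import json

# Constructed sample shaped like `gcloud dns managed-zones list --format=json`
# output (Cloud DNS ManagedZone resources). All zone names are made up.
SAMPLE_ZONES = json.loads("""
[
  {"name": "signed-zone", "dnsName": "signed.example.com.",
   "visibility": "public", "dnssecConfig": {"state": "on"}},
  {"name": "unsigned-zone", "dnsName": "unsigned.example.com.",
   "visibility": "public", "dnssecConfig": {"state": "off"}},
  {"name": "no-config-zone", "dnsName": "legacy.example.com."},
  {"name": "migrating-zone", "dnsName": "move.example.com.",
   "visibility": "public", "dnssecConfig": {"state": "transfer"}},
  {"name": "internal-zone", "dnsName": "corp.internal.",
   "visibility": "private"}
]
""")


def dnssec_findings(zones):
    """Return (zone name, DNSSEC state) for each public zone not set to "on"."""
    findings = []
    for zone in zones:
        # Assumption: a zone with no visibility field is public.
        # Private zones are skipped because they are not served to the Internet.
        if zone.get("visibility", "public") != "public":
            continue
        # Assumption: a missing dnssecConfig block means DNSSEC is off.
        state = (zone.get("dnssecConfig") or {}).get("state", "off")
        if state != "on":
            # "transfer" is reported too, so a stalled migration gets reviewed.
            findings.append((zone["name"], state))
    return findings


if __name__ == "__main__":
    for name, state in dnssec_findings(SAMPLE_ZONES):
        print(f"{name}: dnssecConfig.state is {state!r}, expected 'on'")
```
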