Control: Ensure that DNSSEC is enabled for Cloud DNS

Description

Cloud Domain Name System (DNS) is a fast, reliable, and cost-effective domain name system that powers millions of domains on the internet. Domain Name System Security Extensions (DNSSEC) in Cloud DNS enables domain owners to take easy steps to protect their domains against DNS hijacking and man-in-the-middle and other attacks.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.dns_managed_zone_dnssec_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.dns_managed_zone_dnssec_enabled --share

SQL

This control uses a named query:

select
  self_link resource,
  case
    when visibility = 'private' then 'skip'
    when visibility = 'public' and (dnssec_config_state is null or dnssec_config_state = 'off') then 'alarm'
    else 'ok'
  end as status,
  case
    when visibility = 'private'
      then title || ' is private.'
    when visibility = 'public' and (dnssec_config_state is null or dnssec_config_state = 'off')
      then title || ' DNSSEC not enabled.'
    else title || ' DNSSEC enabled.'
  end as reason
  
  , project as project
from
  gcp_dns_managed_zone;

Control: Ensure that DNSSEC is enabled for Cloud DNS

Description

Usage

SQL

Tags