Control: MX records should not contain IP address
Description
As per RFC 1035, an MX records must point to a host which itself can be resolved in the DNS. An IP address could not be used as it would be interpreted as an unqualified domain name, which cannot be resolved.
Usage
Run the control in your terminal:
powerpipe control run net_insights.control.dns_mx_not_contain_ipSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run net_insights.control.dns_mx_not_contain_ip --shareSteampipe Tables
SQL
with domain_list as ( select distinct domain from net_dns_record where domain in (select jsonb_array_elements_text(to_jsonb($1::text[])))),mx_record_with_ip as ( select domain, count(*) from net_dns_record where domain in (select domain from domain_list) and type = 'MX' and (select target ~ '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') group by domain)select d.domain as resource, case when i.domain is null then 'ok' else 'alarm' end as status, case when i.domain is null then d.domain || ' MX records do not contain IP addresses.' else 'At least 1 MX record in ' || d.domain || ' contains an IP address.' end as reasonfrom domain_list as d left join mx_record_with_ip as i on d.domain = i.domain;
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | domain_names | | DNS domain names. |