Best practice rules for Amazon Route 53
AWS Route 53 is a scalable and highly available Domain Name System (DNS) web service. Route 53 provides a reliable and cost-effective way to link end users to applications by translating domain names (web addresses) into the numeric IP addresses that computers require to connect to one another.
Trend Micro Cloud One™ – Conformity monitors Amazon Route 53 with the following rules:
- Amazon Route 53 Configuration Changes
Route 53 configuration changes have been detected within your Amazon Web Services account.
- Enable DNSSEC Signing for Route 53 Hosted Zones
Ensure that DNSSEC signing is enabled for your Amazon Route 53 Hosted Zones.
- Enable Query Logging for Route 53 Hosted Zones
Ensure that DNS query logging is enabled for your Amazon Route 53 hosted zones.
- Privacy Protection
Ensure that Route 53 domains have Privacy Protection enabled.
- Remove AWS Route 53 Dangling DNS Records
Ensure dangling DNS records are removed from your AWS Route 53 hosted zones to avoid domain/subdomain takeover.
- Route 53 Domain Auto Renew
Ensure Route 53 domains are set to auto renew.
- Route 53 Domain Expired
Ensure expired AWS Route 53 domain names are restored.
- Route 53 Domain Expiry 30 Days
Ensure AWS Route 53 domain names are renewed before their expiration.
- Route 53 Domain Expiry 45 Days
Ensure AWS Route 53 domain names are renewed before their expiration (45 days before expiration).
- Route 53 Domain Expiry 7 Days
Ensure AWS Route 53 domain names are renewed before their expiration.
- Route 53 Domain Transfer Lock
Ensure Route 53 domains have the transfer lock set to prevent an unauthorized transfer to another registrar.
- Route 53 In Use
Ensure AWS Route 53 DNS service is in use for highly efficient DNS management.
- Sender Policy Framework In Use
Ensure that Sender Policy Framework (SPF) is used to stop spammers from spoofing your AWS Route 53 domain.