Best practice rules for DNS
- Check for Azure DNS Security Policies
Ensure that Azure DNS Security Policies are used to filter and log DNS traffic.
- Check for Network Isolation with Virtual Network Links
Ensure that your private DNS zones are configured with controlled virtual network (VNet) links.
- Enable DNSSEC for Azure DNS Zones
Ensure that DNSSEC is enabled for your Microsoft Azure DNS zones.
- Enable Diagnostic Logs for Azure DNS Security Policies
Ensure that Diagnostic Logs are enabled for Azure DNS Security Policies.
- Use Resource Locks for Azure DNS Zones
Ensure that resource locks are enabled for your production DNS zones.
- Use Role-Based Access Control for Azure DNS Zones
Implement Role-Based Access Control (RBAC) for Azure DNS zones.