Best practice rules for GCP Domain Name System (DNS)
Trend Micro Cloud One™ – Conformity monitors GCP Domain Name System (DNS) with the following rules:
- Check for DNSSEC Key-Signing Algorithm in Use
Ensure that the RSASHA1 signature algorithm is not used for DNSSEC key signing.
- Check for DNSSEC Zone-Signing Algorithm in Use
Ensure that DNSSEC zone signing is not using RSASHA1 as a signature algorithm.
- Detect GCP Cloud DNS Configuration Changes
Cloud DNS configuration changes have been detected within your Google Cloud Platform (GCP) account.
- Enable DNSSEC for Google Cloud DNS Zones
Ensure that DNSSEC is enabled for your Domain Name System (DNS) managed zones.