Best practice rules for GCP Domain Name System (DNS)
- Check for DNSSEC Key-Signing Algorithm in Use
Ensure that RSASHA1 signature algorithm is not used for DNSSEC key signing.
- Check for DNSSEC Zone-Signing Algorithm in Use
Ensure that DNSSEC key signing is not using RSASHA1 as a signature algorithm.
- Detect GCP Cloud DNS Configuration Changes
Cloud DNS configuration changes have been detected within your Google Cloud Platform (GCP) account.
- Enable DNSSEC for Google Cloud DNS Zones
Ensure that DNSSEC is enabled for your Domain Name System (DNS) managed zones.
- Remove Dangling DNS Records
Ensure that dangling DNS records are removed from your Cloud DNS zones to avoid domain/subdomain takeover.