Cloud DNS should use DNSSEC
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | dns |
| Provider | |
| Vulnerability Type | omission |
Description
Public Google Cloud DNS managed zones without DNSSEC enabled serve unsigned records, so resolvers cannot validate the authenticity of DNS responses for those zones. This allows attackers to spoof DNS records or intercept DNS traffic.
Impact
Without DNSSEC, attackers could perform man-in-the-middle attacks, redirecting users to malicious sites or intercepting sensitive data by tampering with DNS responses, potentially leading to data breaches or service impersonation.
Resolution
Enable DNSSEC on every public managed zone.
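
One way to find the zones this rule targets, as an added example that is not part of the original page or any scanner's own code: it audits Cloud DNS `ManagedZone` records in the JSON shape returned by `gcloud dns managed-zones list --format=json` and emits the `gcloud` command that enables signing. The zone names and domains are constructed sample data, and treating the `transfer` state as signed is a choice made for this example.

```python
import json

# Constructed sample shaped like `gcloud dns managed-zones list --format=json`
# (Cloud DNS ManagedZone resources); zone names and domains are made up.
SAMPLE_ZONES = json.loads("""
[
  {"name": "prod-public", "dnsName": "example.com.", "visibility": "public",
   "dnssecConfig": {"state": "on"}},
  {"name": "legacy-public", "dnsName": "example.org.", "visibility": "public",
   "dnssecConfig": {"state": "off"}},
  {"name": "no-config", "dnsName": "example.net."},
  {"name": "migrating", "dnsName": "example.edu.", "visibility": "public",
   "dnssecConfig": {"state": "transfer"}},
  {"name": "internal", "dnsName": "corp.internal.", "visibility": "private"}
]
""")

# States treated as signed in this example ("transfer" is used during migrations).
SIGNED_STATES = {"on", "transfer"}


def unsigned_public_zones(zones):
    """Return one finding per public zone that is not DNSSEC-signed."""
    findings = []
    for zone in zones:
        # A zone with no visibility key is public by default, so it is in scope.
        if zone.get("visibility", "public") != "public":
            continue  # the rule covers public zones only
        # A missing dnssecConfig block means DNSSEC was never enabled.
        state = (zone.get("dnssecConfig") or {}).get("state", "off")
        if state in SIGNED_STATES:
            continue
        findings.append({
            "zone": zone["name"],
            "dns_name": zone.get("dnsName", ""),
            "state": state,
            "fix": f"gcloud dns managed-zones update {zone['name']} --dnssec-state on",
        })
    return findings


if __name__ == "__main__":
    for f in unsigned_public_zones(SAMPLE_ZONES):
        print(f"{f['zone']} ({f['dns_name']}): dnssec={f['state']} -> {f['fix']}")
```

Enabling signing on the zone is only half of the chain of trust: the zone's DS record must also be published at the domain registrar before validating resolvers will reject forged answers.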