[RULE] Check for DNSSEC configuration #3201

Open
BernieWhite opened this issue Dec 9, 2024 · 0 comments
Labels
lifecycle: preview Preview feature and rules pillar: security Aligned to the Security pillar. rule: dns Rules for DNS

Comments

@BernieWhite
Collaborator

Existing rule

No response

Suggested rule

DNSSEC is a set of extensions that use public/private key pairs to sign DNS responses. This improves security for any client that must resolve records by providing assurance that:

  • Records have been sent unaltered.
  • The record originated from a server that owned the zone (has access to the private keys). This is secured by the parent zone, which also implements DNSSEC to sign the delegation record.

Rule should check that a DNSSEC sub-resource exists in the parent public DNS zone.

Sub-resource is: Microsoft.Network/dnsZones/dnssecConfigs. The sub-resource name will be default.

Pillar

Security

Additional context

This is a preview feature.

@BernieWhite BernieWhite added lifecycle: preview Preview feature and rules pillar: security Aligned to the Security pillar. rule: dns Rules for DNS labels Dec 9, 2024
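The check requested in this issue, sketched as an added example (not the project's rule implementation and not code from the issue author): it scans the `resources` list of an ARM template and reports public DNS zones that have no `Microsoft.Network/dnsZones/dnssecConfigs` child named `default`. The template content, zone names and the function name `zones_missing_dnssec` are constructed for illustration, and resource names are assumed to be literal strings rather than template expressions.

```python
# Added example: report public DNS zones in an ARM template that lack a
# dnssecConfigs/default sub-resource. All sample data below is constructed.
ZONE = "microsoft.network/dnszones"
DNSSEC = "dnssecconfigs"

# Constructed template fragment (apiVersion and other properties trimmed).
SAMPLE_TEMPLATE = {
    "resources": [
        # Zone whose DNSSEC config is declared as a separate top-level resource.
        {"type": "Microsoft.Network/dnsZones", "name": "contoso.example"},
        {"type": "Microsoft.Network/dnsZones/dnssecConfigs",
         "name": "contoso.example/default"},
        # Zone whose DNSSEC config is nested inside the parent resource.
        {"type": "Microsoft.Network/dnsZones", "name": "fabrikam.example",
         "resources": [{"type": "dnssecConfigs", "name": "default"}]},
        # Zone with no DNSSEC config at all: this one should be reported.
        {"type": "Microsoft.Network/dnsZones", "name": "unsigned.example"},
    ]
}


def zones_missing_dnssec(template):
    """Return the names of dnsZones resources with no dnssecConfigs/default child."""
    zones, signed = {}, set()
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        name = res.get("name", "")
        if rtype == ZONE:
            zones[name.lower()] = name
            # Nested children use the relative type and the short name.
            for child in res.get("resources", []):
                ctype = child.get("type", "").lower()
                cname = child.get("name", "").lower().rsplit("/", 1)[-1]
                if ctype in (DNSSEC, f"{ZONE}/{DNSSEC}") and cname == "default":
                    signed.add(name.lower())
        elif rtype == f"{ZONE}/{DNSSEC}":
            # Top-level children are named "<zone>/<child>".
            parent, _, child = name.lower().rpartition("/")
            if child == "default":
                signed.add(parent)
    return sorted(orig for key, orig in zones.items() if key not in signed)


if __name__ == "__main__":
    for zone in zones_missing_dnssec(SAMPLE_TEMPLATE):
        print(f"FAIL {zone}: no dnssecConfigs/default sub-resource")
```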