GCP-Network-DNSSEC-disable-on-cloud-DNS

Severity: High

Description: This control ensures that DNSSEC is enabled for Public Cloud DNS. Domain Name System Security Extensions (DNSSEC) in Cloud DNS enables domain owners to take easy steps to protect their domains against DNS hijacking and man-in-the-middle and other attacks.

Remediation Steps:

Perform following to set host maintenance migrate option :

1. Sign in to GCP Console https://console.cloud.google.com.

2. Go to Cloud DNS in GCP Console by visiting net-service/dns/zones

3. Click on the affected Cloud DNS from the list.

4. Click on Edit option.

5. Turn ON the DNSSEC setting.

6. Click on SAVE button.

Important:

Reference:

• CIS Google Cloud Platform Foundation Benchmark v1.2.0 - 05-01-2021: Recommendation #3.3

• https://cloud.google.com/dns/dnssec-config#enabling

• https://cloud.google.com/dns/dnssec