Skip to content

Configuration: DNSSEC not enabled

Identifier: dnssec_disabled

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner

Description

DNSSEC (Domain Name System Security Extensions) should be enabled.

Without DNSSEC, a domain is vulnerable to DNS spoofing and other types of attacks that can compromise the integrity of DNS responses.

For example, an hacker could redirect some traffic to a malicious server by impersonating the domain.

Configuration

Example

Example configuration:

---
security_tests:
  dnssec_disabled:
    assets_allowed:
    - DNS
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.