Skip to content

Configuration: DNS record private IP

Identifier: dnsrecord_private_ip

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

DNS records pointing to private IP addresses can reveal information about internal network structure, potentially aiding attackers in understanding network topology and planning attacks.

How we test: We query DNS records and analyze returned IP addresses to detect if any records point to private IP address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or IPv6 private ranges). We verify if DNS configuration exposes internal network information.

Configuration

Example

Example configuration:

---
security_tests:
  dnsrecord_private_ip:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.