Skip to content

Configuration: DNS record TXT sensitive

Identifier: dnsrecord_txt_sensitive

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

DNS TXT records containing sensitive information can expose secrets, credentials, or configuration details since DNS records are not encrypted, not protected by authentication, and often shared over plain text.

How we test: We query DNS TXT records and analyze their contents to detect if sensitive information like secrets, credentials, API keys, or configuration details are stored in TXT records. We verify if DNS records follow security best practices and avoid storing sensitive data.

Configuration

Example

Example configuration:

---
security_tests:
  dnsrecord_txt_sensitive:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.