Configuration: DNSSEC not enabled

Identifier: dnssec_disabled

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

DNSSEC should be enabled to protect against DNS spoofing and other attacks that can compromise the integrity of DNS responses, potentially allowing attackers to redirect traffic to malicious servers.

How we test: We query DNS records and check for DNSSEC signatures (RRSIG records) to verify if DNSSEC is properly configured. We analyze DNS responses to detect if cryptographic signatures are present and validate DNS record authenticity.
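The presence check described above, as an added example (not the scanner's own code): it builds a query with the EDNS0 DO bit set, which a server needs to see before it returns RRSIGs, and parses a wire-format response for an RRSIG covering the queried type. All function names are hypothetical, the sample response is constructed with a dummy signature, and the check covers presence only, not cryptographic validation of the chain of trust.

```python
import struct

A, RRSIG, OPT = 1, 46, 41   # RR type codes (RFC 1035, RFC 4034, RFC 6891)

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".") if l) + b"\x00"

def build_query(name, qtype=A, txid=0x1234):
    """Query carrying an EDNS0 OPT record whose DO bit asks the server for RRSIGs."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!2H", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x00008000, 0)  # DO = 0x8000 in the flags
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                 # ordinary label: length byte plus label
    return off + (2 if msg[off] else 1)     # pointer is 2 bytes, root label is 1

def answer_types(msg):
    """Return (rr_type, covered_type) per answer RR; covered_type is set only for RRSIGs."""
    _, _, qdcount, ancount, _, _ = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4       # QTYPE + QCLASS
    found = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        covered = struct.unpack_from("!H", msg, off)[0] if rtype == RRSIG else None
        found.append((rtype, covered))
        off += rdlen
    return found

def dnssec_signed(msg, qtype=A):
    """True if the answer section carries an RRSIG covering qtype."""
    return (RRSIG, qtype) in answer_types(msg)

def sample_response(name, signed):
    """Constructed response: one A record, plus a dummy (unverifiable) RRSIG if signed."""
    q = encode_name(name) + struct.pack("!2H", A, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", A, 1, 300, 4) + bytes([192, 0, 2, 1])
    rdata = struct.pack("!HBBIIIH", A, 13, 2, 300, 0, 0, 12345) + encode_name(name) + b"\x00" * 64
    sig = b"\xc0\x0c" + struct.pack("!HHIH", RRSIG, 1, 300, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8180, 1, 2 if signed else 1, 0, 0) + q + a + (sig if signed else b"")
```

An RRSIG in the answer only shows that the zone serves signatures; a validating resolver still has to verify them against the DNSKEY and DS records.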

Configuration

Example

Example configuration:

---
security_tests:
  dnssec_disabled:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.