Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “GCP DNS Managed Zones Should Use Secure Algorithm” for GCP using GCP console, follow these steps:
- Open the GCP console and select the project where the DNS Managed Zone is located.
- In the left-hand navigation menu, click on “Network services” and select “Cloud DNS”.
- In the Cloud DNS dashboard, select the DNS Managed Zone that needs to be remediated.
- Click on the “Edit” button at the top of the page.
- In the “Zone details” section, select the “Advanced” tab.
- In the “DNSSEC” section, select the “Enable DNSSEC” checkbox.
- Select the “Algorithm” dropdown and choose a secure algorithm such as “RSASHA256”.
- Click on the “Save” button at the bottom of the page to save the changes.
- Verify that the DNS Managed Zone is now using a secure algorithm by checking the “DNSSEC” section of the “Zone details” page.
Using CLI
To remediate the misconfiguration “GCP DNS Managed Zones Should Use Secure Algorithm” for GCP using GCP CLI, follow the steps given below:
- Open the GCP Cloud Shell by clicking on the Activate Cloud Shell icon on the top right corner of the GCP Console.
- Run the following command to list all the DNS managed zones in your GCP project:
- Identify the DNS managed zone that is using an insecure algorithm.
- Run the following command to update the DNS managed zone to use a secure algorithm:
  Make sure to replace [ZONE_NAME] with the name of the DNS managed zone that you want to update.
- Verify that the DNS managed zone is updated to use a secure algorithm by running the following command:
  Make sure that the output shows the algorithm as “RSASHA256”.

By following these steps, you can remediate the misconfiguration “GCP DNS Managed Zones Should Use Secure Algorithm” for GCP using GCP CLI.
Using Python
To remediate the GCP DNS Managed Zones Should Use Secure Algorithm misconfiguration, follow these steps:
- Install the Google Cloud SDK by following the instructions at https://cloud.google.com/sdk/docs/install.
- Set up authentication for the Google Cloud SDK by running `gcloud auth login` and following the instructions.
- Install the `google-cloud-dns` Python library by running `pip install google-cloud-dns`.
- Write a Python script to update the DNS managed zones to use a secure algorithm. Here’s an example script:
  Replace `your-project-id` and `your-zone-name` with your actual project ID and managed zone name.
- Run the Python script by running `python script.py`.

`rsasha256`). Repeat this process for all other DNS managed zones in your GCP project.
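
A read-only check to run before and after the remediation, added here as an example (it is not code from the original page): it takes the JSON printed by `gcloud dns managed-zones list --format=json` and reports public zones that have DNSSEC off or a key spec using a weak algorithm. The sample data is constructed, and treating `rsasha1` as the weak algorithm is an assumption of this example.

```python
import json

# Constructed sample in the shape of `gcloud dns managed-zones list --format=json`
# output (zone names and values are made up for this example).
SAMPLE = json.loads("""
[
 {"name": "good-zone", "visibility": "public", "dnssecConfig": {"state": "on",
   "defaultKeySpecs": [{"keyType": "keySigning", "algorithm": "rsasha256"},
                       {"keyType": "zoneSigning", "algorithm": "rsasha256"}]}},
 {"name": "legacy-zone", "visibility": "public", "dnssecConfig": {"state": "on",
   "defaultKeySpecs": [{"keyType": "keySigning", "algorithm": "rsasha1"},
                       {"keyType": "zoneSigning", "algorithm": "rsasha256"}]}},
 {"name": "unsigned-zone", "visibility": "public"},
 {"name": "internal-zone", "visibility": "private"}
]
""")

# Assumption of this example: rsasha1 is the algorithm to flag. The page only
# names rsasha256 as a secure choice; adjust the set to match your policy.
WEAK_ALGORITHMS = {"rsasha1"}


def audit_zones(zones):
    """Return {zone name: [findings]} for public zones that need remediation."""
    report = {}
    for zone in zones:
        if zone.get("visibility", "public") != "public":
            continue  # Cloud DNS signs public zones only; skip private ones
        cfg = zone.get("dnssecConfig") or {}
        findings = []
        state = cfg.get("state", "off")
        if state == "off":
            findings.append("DNSSEC is off")
        for spec in cfg.get("defaultKeySpecs", []):
            algorithm = spec.get("algorithm", "").lower()
            if algorithm in WEAK_ALGORITHMS:
                findings.append(f"{spec.get('keyType')} key uses {algorithm}")
        if findings:
            report[zone["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_zones(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```

To audit a real project, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the `gcloud` output into the script.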