Beta - Nifcloud DNS has verified record

문서 > Datadog 보안 > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Beta - Nifcloud DNS has verified record

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: a1defcb6-55e8-4511-8c2a-30b615b0e057

Cloud Provider: Nifcloud

Platform: Terraform

Severity: High

Category: Insecure Configurations

Learn More

Provider Reference

Description

Remove the verification TXT record used for DNS authentication (records containing nifty-dns-verify=) after verification is complete. If the authentication record remains, others could reuse it to claim or re-register the zone, exposing DNS control to unauthorized parties. This rule flags nifcloud_dns_record resources that include nifty-dns-verify= and returns attributes documentId, resourceType, resourceName, searchKey, issueType, keyExpectedValue, and keyActualValue.

Compliant Code Examples

resource "nifcloud_dns_record" "negative" {
  zone_id = nifcloud_dns_zone.example.id
  name    = "test.example.test"
  type    = "TXT"
  ttl     = 300
  record  = "negative"
}

Non-Compliant Code Examples

resource "nifcloud_dns_record" "positive" {
  zone_id = nifcloud_dns_zone.example.id
  name    = "test.example.test"
  type    = "TXT"
  ttl     = 300
  record  = "nifty-dns-verify=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}