github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/dns/AVD-GCP-0012/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/dns/AVD-GCP-0012/Terraform.md (about)

     1  
     2  Use RSA SHA512
     3  
     4  ```hcl
     5   resource "google_dns_managed_zone" "foo" {
     6   	name     = "foobar"
     7   	dns_name = "foo.bar."
     8   	
     9   	dnssec_config {
    10   		state         = "on"
    11   		non_existence = "nsec3"
    12   	}
    13   }
    14   	
    15   data "google_dns_keys" "foo_dns_keys" {
    16   	managed_zone = google_dns_managed_zone.foo.id
    17   	zone_signing_keys {
    18   		algorithm = "rsasha512"
    19   	}
    20   }
    21   	
    22   output "foo_dns_ds_record" {
    23   	description = "DS record of the foo subdomain."
    24   	value       = data.google_dns_keys.foo_dns_keys.key_signing_keys[0].ds_record
    25   }
    26   
    27  ```
    28  
    29  #### Remediation Links
    30   - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone#algorithm
    31