Data protection

Weak algorithm used for zone-signing key in Cloud DNS DNSSEC

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. The algorithm used for key signing should be a recommended one and it should be strong.
  • Recommended Mitigation

    Change DNSSEC zone-signing key to use a stronger algorithm