turbot/net_insights

Control: MX records should not contain IP address

Description

As per RFC 1035, an MX record must point to a host that can itself be resolved in the DNS. An IP address cannot be used, because it would be interpreted as an unqualified domain name, which cannot be resolved.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.dns_mx_not_contain_ip

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.dns_mx_not_contain_ip --share

Steampipe Tables

Params

| Args | Name | Default | Description | Variable |
|------|------|---------|-------------|----------|
| $1 | domain_names | ["github.com","microsoft.com"] | DNS domain names. | |

SQL

-- Domains to evaluate, taken from the $1 (domain_names) parameter.
with domain_list as (
  select
    distinct domain
  from
    net_dns_record
  where
    domain in (
      select
        jsonb_array_elements_text(to_jsonb($1 :: text[]))
    )
),
-- Domains with at least one MX record whose target looks like an IPv4 address.
mx_record_with_ip as (
  select
    domain,
    count(*)
  from
    net_dns_record
  where
    domain in (
      select
        domain
      from
        domain_list
    )
    and type = 'MX'
    -- Unanchored match: true for any target that contains a dotted-quad pattern.
    and (
      select
        target ~ '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
    )
  group by
    domain
)
-- One row per domain: 'alarm' if any MX target matched, otherwise 'ok'.
select
  d.domain as resource,
  case
    when i.domain is null then 'ok'
    else 'alarm'
  end as status,
  case
    when i.domain is null then d.domain || ' MX records do not contain IP addresses.'
    else 'At least 1 MX record in ' || d.domain || ' contains an IP address.'
  end as reason
from
  domain_list as d
  left join mx_record_with_ip as i on d.domain = i.domain;
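
The same check as an added Python example (not part of the net_insights mod): it parses each MX target strictly as an IP literal and contrasts that with the query's unanchored pattern, going slightly beyond the control by also recognising IPv6 literals. The function names and the sample records are constructed for illustration.

```python
import ipaddress
import re

# Pattern from the control's SQL; `target ~ '...'` is an unanchored search.
CONTROL_PATTERN = re.compile(r"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")


def control_regex_matches(target: str) -> bool:
    """Mimic the SQL predicate: true if a dotted quad appears anywhere."""
    return CONTROL_PATTERN.search(target) is not None


def is_ip_literal(target: str) -> bool:
    """True only when the whole MX target is an IPv4 or IPv6 literal."""
    candidate = target.strip().rstrip(".")  # drop the trailing root dot
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def evaluate(records):
    """records: (domain, mx_target) pairs -> {domain: (status, reason)}."""
    results = {}
    for domain, target in records:
        results.setdefault(
            domain, ("ok", f"{domain} MX records do not contain IP addresses."))
        if is_ip_literal(target):
            results[domain] = (
                "alarm", f"At least 1 MX record in {domain} contains an IP address.")
    return results


# Constructed sample records (documentation domains and address ranges).
SAMPLE = [
    ("example.com", "mail.example.com."),           # valid host name
    ("example.net", "192.0.2.25."),                 # IPv4 literal
    ("example.org", "mx-192.0.2.25.example.org."),  # host name embedding a quad
    ("example.edu", "2001:db8::25"),                # IPv6 literal
]

if __name__ == "__main__":
    for domain, (status, reason) in evaluate(SAMPLE).items():
        print(f"{status:5} {domain}: {reason}")
    for _, target in SAMPLE:
        print(f"{target:28} regex={control_regex_matches(target)} "
              f"strict={is_ip_literal(target)}")
```

On the sample, the host name that merely embeds a dotted quad matches the pattern but is not an IP literal, while the IPv6 literal is an IP address that the pattern does not match.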