Query: 3.4 Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC

Description

DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) and transaction security mechanisms (SIG(0) and TSIG) make use of particular subsets of these algorithms. The algorithm used for key signing should be a recommended one and it should be strong.

Query

Tables used in this query:

• gcp_dns_managed_zone

Controls using this query:

• 3.4 Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC
• 3.4 Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC
• 3.4 Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC
• 3.4 Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC
• Ensure that RSASHA1 is not used for key-signing key in Cloud DNS

SQL