A terraform module to set up DNS records to harden the parked(unused) domain using GCP Cloud DNS.
Domains should be protected for email spoofing even if they are not intended to be actively used. This module configures DNS records to protect such domain based on M3AAWG Protecting Parked Domains Best Common Practices.
This module creates the following DNS records.
- Null MX record(RFC 7505) to indicate the domain does not accept any email.
- SPF record to indicate no IP is authorized to send email on behalf of this domain.
- DMARC record to enforce receiving domains to reject any email forging this domain.
- Optionally adds
rua
tag in the DMARC record to receive aggregate feedback reports via email. - Optionally creates Null MX and DMARC records for wildcard subdomains as well as the root domain(enabled by default).
provider "google" {
}
module "parked_domain" {
source = "nozaq/parked-domain-baseline/google"
zone_name = "example.com."
ttl = 86400
include_subdomains = true
}
Name | Version |
---|---|
terraform | >= 1.3 |
>= 4.43 |
Name | Version |
---|---|
>= 4.43 |
Name | Description | Type | Required |
---|---|---|---|
zone_name | The DNS zone name to add the records to. | string |
yes |
aggregate_feedback_email | The email address to which aggregate feedback is to be sent. | string |
no |
include_subdomains | Configure all subdomains as well as the root domain. | bool |
no |
ttl | The TTL of the DNS records. | number |
no |
No outputs.
- terraform-aws-parked-domain-baseline: The module to accomplish same outcome with AWS Route53 instead of GCP Cloud DNS.
- terraform-cloudflare-parked-domain-baseline: The module to accomplish same outcome with Cloudflare DNS instead of GCP Cloud DNS.