nozaq/terraform-google-parked-domain-baseline

terraform-google-parked-domain-baseline

A Terraform module to set up DNS records that harden a parked (unused) domain using GCP Cloud DNS.

Domains should be protected against email spoofing even if they are not intended to be actively used. This module configures DNS records to protect such domains, based on M3AAWG Protecting Parked Domains Best Common Practices.

Features

This module creates the following DNS records.

  • Null MX record (RFC 7505) to indicate that the domain does not accept any email.
  • SPF record to indicate that no IP is authorized to send email on behalf of this domain.
  • DMARC record instructing receiving domains to reject any email forging this domain.
  • Optionally adds the rua tag to the DMARC record to receive aggregate feedback reports via email.
  • Optionally creates Null MX and DMARC records for wildcard subdomains as well as the root domain (enabled by default).

Usage

provider "google" {
}

module "parked_domain" {
  source = "nozaq/parked-domain-baseline/google"

  zone_name          = "example.com."
  ttl                = 86400
  include_subdomains = true
}
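
To confirm that a zone actually carries the records listed under Features, the check below audits a set of DNS answers for the null MX, an SPF policy that authorizes no sender, and a DMARC reject policy. It is an added example, not code from this module; the function names, the record-dictionary format and the sample zones are assumptions made for illustration. Only the null MX is checked at the wildcard name, because the page does not show the owner name used for the wildcard DMARC record.

```python
def _tags(txt):
    """Parse a DMARC 'k=v; k=v' tag list into a dict with lowercase keys."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_parked_domain(domain, records, include_subdomains=True):
    """Return findings (empty list = baseline met).
    records maps (fully qualified owner name, rrtype) -> list of rdata."""
    d = domain.rstrip(".").lower() + "."
    findings = []
    def rdata(name, rrtype):
        return [r.strip().strip('"') for r in records.get((name, rrtype), [])]

    # Null MX (RFC 7505): a single MX with preference 0 and exchange ".".
    for name in [d] + (["*." + d] if include_subdomains else []):
        if [m.split() for m in rdata(name, "MX")] != [["0", "."]]:
            findings.append(f"{name} MX: expected a single null MX '0 .'")

    # SPF: exactly one policy, and it authorizes no sender.
    spf = [t.lower().split() for t in rdata(d, "TXT") if t.lower().startswith("v=spf1")]
    if spf != [["v=spf1", "-all"]]:
        findings.append(f"{d} TXT: expected exactly one SPF 'v=spf1 -all'")

    # DMARC: p=reject; sp (subdomain policy) falls back to p when absent.
    name = "_dmarc." + d
    dmarc = [_tags(t) for t in rdata(name, "TXT") if t.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"{name} TXT: expected exactly one DMARC record")
    else:
        p = dmarc[0].get("p", "").lower()
        sp = dmarc[0].get("sp", p).lower()
        if (p, sp) != ("reject", "reject"):
            findings.append(f"{name} TXT: p={p!r} sp={sp!r}, expected reject")
    return findings

# Constructed sample zones (not real data): one hardened, one with common gaps.
HARDENED = {
    ("example.com.", "MX"): ["0 ."],
    ("*.example.com.", "MX"): ["0 ."],
    ("example.com.", "TXT"): ['"v=spf1 -all"'],
    ("_dmarc.example.com.", "TXT"): ['"v=DMARC1; p=reject; rua=mailto:reports@example.net"'],
}
WEAK = {
    ("example.org.", "MX"): ["10 mail.example.org."],
    ("example.org.", "TXT"): ['"v=spf1 ~all"'],
    ("_dmarc.example.org.", "TXT"): ['"v=DMARC1; p=none"'],
}

if __name__ == "__main__":
    print(audit_parked_domain("example.org", WEAK))
```

In practice the records dictionary would be filled from a resolver query or dig output for each owner name rather than from constants.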

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| google | >= 4.43 |

Providers

| Name | Version |
|------|---------|
| google | >= 4.43 |

Inputs

| Name | Description | Type | Required |
|------|-------------|------|----------|
| zone_name | The DNS zone name to add the records to. | string | yes |
| aggregate_feedback_email | The email address to which aggregate feedback is to be sent. | string | no |
| include_subdomains | Configure all subdomains as well as the root domain. | bool | no |
| ttl | The TTL of the DNS records. | number | no |

Outputs

No outputs.

Related modules