
Add new GCP Check to Ensure That Cloud DNS Logging Is Enabled for All VPC Networks

Open danibarranqueroo opened this issue 9 months ago • 0 comments

New feature motivation

Cloud DNS logging records the queries from the name servers within your VPC to Stackdriver. Logged queries can come from Compute Engine VMs, GKE containers, or other GCP resources provisioned within the VPC.

Solution Proposed

Add to the DNS service everything needed to follow the audit steps:

  1. List all VPCs networks in a project
  2. List all DNS policies, their logging enablement, and their associated VPC networks. Each VPC network should be associated with a DNS policy with logging enabled.

Create unit tests for what is added in the service.

Create the check code (using Prowler Studio for this would be awesome: Prowler-Studio). Here you'll need to add the folder for the check which includes python check code, init file and metadata. All of this can be easily generated with Studio.

Create unit tests for the code and test it.
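As an added illustration of the check logic described in the steps above (this is not Prowler's service or check code, and the function names, dataclass and dict shapes are assumptions modelled on the Cloud DNS v1 `policies` resource fields `enableLogging` and `networks[].networkUrl` and the Compute `networks` field `selfLink`), the following stand-alone script maps each VPC network to the DNS policies that cover it with logging on, then emits one PASS/FAIL finding per network. The sample networks and policies are constructed for the example.

```python
"""Stand-alone example of the "DNS logging enabled for all VPC networks" check.

Not Prowler's own code: the dict layouts below are an assumption that follows the
Cloud DNS v1 `policies` resource (enableLogging, networks[].networkUrl) and the
Compute `networks` resource (name, selfLink).
"""

from dataclasses import dataclass


@dataclass
class Finding:
    network: str
    status: str  # "PASS" or "FAIL"
    message: str


def network_key(url: str) -> str:
    """Normalise a network reference to 'projects/<p>/global/networks/<n>'.

    The Compute selfLink and the DNS policy networkUrl are both full URLs in
    practice, but comparing on the trailing resource path makes the check
    robust to differing API host prefixes or API versions (assumption).
    """
    marker = "projects/"
    idx = url.find(marker)
    return url[idx:] if idx >= 0 else url


def logging_policies_by_network(policies):
    """Map each VPC network key to the names of DNS policies that are both
    attached to it and have query logging enabled."""
    covered = {}
    for policy in policies:
        if not policy.get("enableLogging", False):
            continue  # attached policy without logging does not count
        for net in policy.get("networks", []):
            covered.setdefault(network_key(net["networkUrl"]), []).append(policy["name"])
    return covered


def check_dns_logging(networks, policies):
    """One finding per VPC network: PASS if at least one logging-enabled DNS
    policy is associated with it, otherwise FAIL."""
    covered = logging_policies_by_network(policies)
    findings = []
    for network in networks:
        key = network_key(network["selfLink"])
        name = network["name"]
        if key in covered:
            findings.append(Finding(name, "PASS",
                f"VPC network {name} has DNS logging enabled via policy: {', '.join(covered[key])}."))
        else:
            findings.append(Finding(name, "FAIL",
                f"VPC network {name} has no DNS policy with logging enabled."))
    return findings


# Constructed sample data for a hypothetical project "example-project".
_BASE = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/"
SAMPLE_NETWORKS = [
    {"name": "default", "selfLink": _BASE + "default"},
    {"name": "prod-vpc", "selfLink": _BASE + "prod-vpc"},   # policy attached, logging off
    {"name": "dev-vpc", "selfLink": _BASE + "dev-vpc"},     # no policy at all
]
SAMPLE_POLICIES = [
    {"name": "logging-on", "enableLogging": True,
     "networks": [{"networkUrl": _BASE + "default"}]},
    {"name": "logging-off", "enableLogging": False,
     "networks": [{"networkUrl": _BASE + "prod-vpc"}]},
]

if __name__ == "__main__":
    for finding in check_dns_logging(SAMPLE_NETWORKS, SAMPLE_POLICIES):
        print(finding.status, finding.network, "-", finding.message)
```

The two failure modes the audit steps care about are both present in the sample: a network with a DNS policy whose logging is disabled and a network with no policy at all; both must produce FAIL, and only the network covered by a logging-enabled policy passes.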

Describe alternatives you've considered

Nothing to add here.

Additional context

This check comes from the CIS 3.0 for GCP, so for additional context go there and see what's needed.

danibarranqueroo, Mar 18 '25 12:03