Ensure private DNS zones are not linked to Azure Virtual Network

LOW

Description

Private DNS zones are linked with an Azure Virtual Network using an Azure Virtual Network link; this may make infrastructure non-compliant.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Private DNS zones.
  2. Select the Private DNS zone you wish to edit.
  3. Under Settings, select Virtual Network Links.
  4. Select Add.
  5. Choose the subscription and virtual network as needed.

In Terraform -

  1. For each azurerm_virtual_network resource, create an azurerm_private_dns_zone_virtual_network_link resource.
  2. Set virtual_network_id to the ID of the virtual network that the DNS zone should be linked to.
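The Terraform steps above, as an added example that is not part of this policy page; the resource group, network name, address space and zone name are assumptions chosen for illustration:

```terraform
# Added example (not the policy page's own code); resource names,
# addresses and the zone name below are assumptions for illustration.
resource "azurerm_resource_group" "example" {
  name     = "rg-private-dns-example"
  location = "eastus"
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet-example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  address_space       = ["10.10.0.0/16"]
}

# A private DNS zone declared on its own is not attached to any network.
resource "azurerm_private_dns_zone" "example" {
  name                = "internal.example.com"
  resource_group_name = azurerm_resource_group.example.name
}

# The link resource is what the remediation asks for: one per virtual
# network, with virtual_network_id pointing at that network's ID.
resource "azurerm_private_dns_zone_virtual_network_link" "example" {
  name                  = "link-vnet-example"
  resource_group_name   = azurerm_resource_group.example.name
  private_dns_zone_name = azurerm_private_dns_zone.example.name
  virtual_network_id    = azurerm_virtual_network.example.id
  # Auto-registration of VM records is optional; keep it off unless required.
  registration_enabled  = false
}
```

Repeat the link block for every azurerm_virtual_network that should resolve names in the zone; a zone with no link resource is the condition this rule flags.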

References:
https://learn.microsoft.com/en-us/azure/dns/private-dns-overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link

Policy Details

Rule Reference ID: AC_AZURE_0256
CSP: Azure
Remediation Available: No
Resource Category: Compute
Resource Type: Virtual Network

Frameworks