Ensure Kubernetes Network policy does not allow ingress from public IPs to query DNS

HIGH

Description

A Kubernetes Network policy that allows ingress from public IP addresses on port '53' can let anonymous or malicious outside traffic query the DNS services of your cluster.

Remediation

To ensure that malicious outside traffic cannot query DNS for your Kubernetes cluster, configure your Kubernetes Network policy for port '53' to allow ingress only from pods inside the cluster.
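
The two manifests below are an added example, not part of the original rule text: the first shows the kind of port 53 ingress rule described above, the second the corrected form. The policy names, the kube-system namespace and the k8s-app: kube-dns label are assumptions about a typical cluster DNS deployment.

```yaml
# Constructed example; names, namespace and labels are assumptions.
# Weak: any source address, including public IPs, may reach port 53 on the DNS pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dns-ingress-open          # hypothetical name
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      k8s-app: kube-dns           # assumed label on the cluster DNS pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 0.0.0.0/0       # matches public source addresses
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# Corrected: only pods running inside the cluster may query DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dns-ingress-internal      # hypothetical name
  namespace: kube-system
spec:
  podSelector:
    matchLabels:
      k8s-app: kube-dns
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector: {}   # pods in any namespace of this cluster
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Network policies are additive, so the open policy has to be deleted or edited; applying the corrected policy alongside it still leaves port 53 reachable from the wider range.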

Policy Details

Rule Reference ID: AC_K8S_0014
Remediation Available: No
Resource Category: Virtual Network
Resource Type: Network Policies

Frameworks