VNET With Only One DNS Endpoint
Description
Virtual Networks (VNETs) in Azure are responsible for routing network traffic. For tasks like domain name resolution, DNS servers are used. However, if there's only a single DNS server associated with a VNET, it may introduce a single point of failure where the DNS IP address is not load-balanced. To avoid this single point of failure and potential network disruptions, it's recommended to have at least two DNS servers connected to your VNET.
This policy checks that the Azure Virtual Network has at least two connected DNS endpoints.
Code Example
```terraform
resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
  dns_servers = ["1.2.3.4", "1.2.3.5"] # Ensure at least 2 DNS servers are connected
}
```
Remediation
Terraform
Resource:
- azurerm_virtual_network
- azurerm_virtual_network_dns_servers
Argument:
- dns_servers
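The following is an added example, not Checkov's own implementation of CKV_AZURE_182, showing how the rule above can be evaluated over parsed Terraform resource blocks for both resource types listed under Remediation. The resource blocks are constructed inline for illustration; the handling of a VNet with no `dns_servers` attribute (Azure-provided DNS) is this example's assumption and is exposed as the `unset_is_pass` flag rather than taken from the policy text.

```python
"""Evaluate "at least two distinct DNS servers per VNet" over Terraform resource blocks.

Added example; not Checkov's code. Resource configs are plain dicts shaped like the
attributes of an HCL block (constructed here, not read from a real plan).
"""
from typing import Any, Dict, List, Tuple

# Both resource types that can carry the dns_servers argument for an Azure VNet.
DNS_RESOURCE_TYPES = ("azurerm_virtual_network", "azurerm_virtual_network_dns_servers")


def distinct_dns_servers(conf: Dict[str, Any]) -> List[str]:
    """Return the distinct DNS server addresses in a block's dns_servers list.

    Duplicates are collapsed: listing the same IP twice is still one endpoint and
    still a single point of failure.
    """
    servers = conf.get("dns_servers") or []
    distinct: List[str] = []
    for entry in servers:
        address = str(entry).strip()
        if address and address not in distinct:
            distinct.append(address)
    return distinct


def evaluate(resource_type: str, conf: Dict[str, Any], unset_is_pass: bool = False) -> str:
    """Return 'PASSED', 'FAILED' or 'SKIPPED' for one resource block.

    Assumption (this example's, not the policy text's): when dns_servers is absent the
    VNet uses Azure-provided DNS; by default that is reported as FAILED because the
    rule asks for at least two configured endpoints, but callers who accept the
    platform resolver can pass unset_is_pass=True.
    """
    if resource_type not in DNS_RESOURCE_TYPES:
        return "SKIPPED"
    if "dns_servers" not in conf or conf["dns_servers"] is None:
        return "PASSED" if unset_is_pass else "FAILED"
    return "PASSED" if len(distinct_dns_servers(conf)) >= 2 else "FAILED"


def evaluate_resources(resources: List[Tuple[str, str, Dict[str, Any]]],
                       unset_is_pass: bool = False) -> Dict[str, str]:
    """Evaluate a list of (type, name, config) blocks; keys are 'type.name'."""
    return {f"{rtype}.{name}": evaluate(rtype, conf, unset_is_pass)
            for rtype, name, conf in resources}


# Constructed sample blocks covering the interesting cases.
SAMPLE_RESOURCES: List[Tuple[str, str, Dict[str, Any]]] = [
    ("azurerm_virtual_network", "single", {"dns_servers": ["10.0.0.4"]}),
    ("azurerm_virtual_network", "pair", {"dns_servers": ["10.0.0.4", "10.0.0.5"]}),
    ("azurerm_virtual_network", "duplicate", {"dns_servers": ["10.0.0.4", "10.0.0.4"]}),
    ("azurerm_virtual_network", "azure_default", {"address_space": ["10.0.0.0/16"]}),
    ("azurerm_virtual_network_dns_servers", "separate",
     {"virtual_network_id": "(placeholder id)", "dns_servers": ["10.0.0.4", "10.0.0.5"]}),
    ("azurerm_subnet", "unrelated", {"address_prefixes": ["10.0.1.0/24"]}),
]


if __name__ == "__main__":
    for address, result in evaluate_resources(SAMPLE_RESOURCES).items():
        print(f"{result:8} {address}")
```

Running the block prints one line per sample block; only the `pair` VNet and the separate `azurerm_virtual_network_dns_servers` block pass under the default settings, and `azure_default` flips to PASSED only when `unset_is_pass=True` is given.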
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0689 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_182 |