catalog logoThe IAM Privilege Catalog

services / Google Cloud / Resource Record Set

A resource record set either contains a DNS record managed by Cloud DNS or a routing policy. This includes both public and private DNS records.

dns.​resourceRecordSets.​create

By creating DNS records in an active managed zone, an attacker can cause some of the traffic to your domains to be directed to them.

Risks

  1. Domain takeover (CRITICAL)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​dns/​docs/​reference/​v1/​resourceRecordSets
  • https:​/​/​cloud.​google.​com/​dns/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​dns/​docs/​records
  • https:​/​/​cloud.​google.​com/​dns/​docs/​zones/​manage-​routing-​policies

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog