services / Google Cloud / Cloud DNS Networks

Resources used by Cloud DNS to bind DNS zones or policies with VPC networks.


Binding a new private DNS zone can change DNS resolution behavior, potentially creating a denial of service (DoS). If the attacker additionally has permissions to create or update records in any zone, this allows domain takeover.



This privilege may grant access to confidential data, or its exploitation can incur operational cost.


  • https://cloud.google.com/dns/docs/access-control
  • https://cloud.google.com/dns/docs/policies-overview
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog