catalog logoThe IAM Privilege Catalog

services / Google Cloud / Cloud DNS Networks

Resources used by Cloud DNS to bind DNS zones or policies with VPC networks.

dns.​networks.​bindPrivateDNSZone

Binding a new private DNS zone can change DNS resolution behavior, potentially creating a DOS. If the attacker additionally has permissions to create or update records in any zone, allows domain takeover.

Risks

  1. Domain takeover (CRITICAL)
  2. Denial-of-service (HIGH)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​dns/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​dns/​docs/​policies-​overview

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog