services / Google Cloud / Cloud DNS Networks

Resources used by Cloud DNS to bind DNS zones or policies with VPC networks.


This permission allows you to configure a network with DNS peering, so that DNS requests in the network are "forwarded" to the peer network. This can change DNS resolution behavior, which can potentially cause a denial of service (DoS). If the attacker additionally has permissions to create or update records in any zone, this allows domain takeover.



This privilege may grant access to confidential data, or its exploitation can incur operational cost.


  • https://cloud.google.com/dns/docs/access-control
  • https://cloud.google.com/dns/docs/policies-overview
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog