services / Google Cloud / Cloud DNS Networks

Resources used by Cloud DNS to bind DNS zones or policies with VPC networks.


dns.​networks.​targetWithPeeringZone

This permission allows you to configure a network with DNS peering, so that DNS requests in the network "forwarded" to the peer network. This can change DNS resolution behavior, which can potentially create a DOS. If the attacker additionally has permissions to create or update records in any zone, allows domain takeover.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​dns/​docs/​access-​control
  • https:​/​/​cloud.​google.​com/​dns/​docs/​policies-​overview
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog