A Terraform module that sets up DNS records to harden a parked (unused) domain using AWS Route53.
Domains should be protected against email spoofing even if they are not intended to be actively used. This module configures DNS records to protect such domains, based on the M3AAWG Protecting Parked Domains Best Common Practices.
This module creates the following DNS records.
- Null MX record (RFC 7505) to indicate the domain does not accept any email.
- SPF record to indicate no IP is authorized to send email on behalf of this domain.
- DMARC record instructing receiving domains to reject any email forging this domain.
- Optionally adds the `rua` tag to the DMARC record to receive aggregate feedback reports via email.
- Optionally creates Null MX and DMARC records for wildcard subdomains as well as the root domain (enabled by default).

```hcl
provider "aws" {
}

data "aws_route53_zone" "this" {
  name = "example.com"
}

module "parked_domain" {
  source  = "nozaq/parked-domain-baseline/aws"
  zone_id = data.aws_route53_zone.this.zone_id
  ttl     = 86400 # One day
}
```

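
The following is an added example, not code from this module: a small Python check that audits a domain's record values against the three policies listed above (null MX, deny-all SPF, DMARC `p=reject`). The domain `parked.example`, the `records` mapping shape and the sample data are constructed for illustration.

```python
# Added example (not the module's code): audit record values for a parked domain.
# `records` maps (name, type) -> list of record values; the sample data is constructed.

def parse_tags(txt):
    """Split a DMARC TXT value into a {tag: value} dict (tag names lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked_domain(domain, records):
    """Return a list of findings; an empty list means all three policies are in place."""
    findings = []
    # RFC 7505: the null MX ("0 .") must be the only MX record for the name.
    mx = [" ".join(v.split()) for v in records.get((domain, "MX"), [])]
    if mx != ["0 ."]:
        findings.append(f"MX: expected only the null MX '0 .', found {mx}")
    # SPF: exactly one record, authorizing nothing and hard-failing everything.
    spf = [v.lower().split() for v in records.get((domain, "TXT"), [])]
    spf = [terms for terms in spf if terms[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    elif spf[0] != ["v=spf1", "-all"]:
        findings.append(f"SPF: expected 'v=spf1 -all', found {spf[0]}")
    # DMARC lives at _dmarc.<domain>: policy must be reject, optional rua must be mailto.
    dmarc = [v for v in records.get(("_dmarc." + domain, "TXT"), []) if v.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly one v=DMARC1 record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() != "reject":
            findings.append(f"DMARC: p={tags.get('p')} does not tell receivers to reject")
        rua = tags.get("rua", "")
        if rua and not all(u.strip().lower().startswith("mailto:") for u in rua.split(",")):
            findings.append(f"DMARC: rua={rua} is not a list of mailto: URIs")
    return findings

# Constructed sample data: a hardened parked domain and a weakly configured one.
HARDENED = {("parked.example", "MX"): ["0 ."],
            ("parked.example", "TXT"): ["v=spf1 -all"],
            ("_dmarc.parked.example", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc@reports.example"]}
WEAK = {("parked.example", "MX"): ["10 mail.parked.example."],
        ("parked.example", "TXT"): ["v=spf1 ~all"],
        ("_dmarc.parked.example", "TXT"): ["v=DMARC1; p=none"]}

if __name__ == "__main__":
    for label, recs in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_parked_domain("parked.example", recs))
```

The check covers a single name; wildcard subdomain records are not examined.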

Name | Version |
---|---|
terraform | >= 1.3 |
aws | >= 4.40 |

Name | Version |
---|---|
aws | >= 4.40 |


Name | Description | Type | Required |
---|---|---|---|
aggregate_feedback_email | The email address to which aggregate feedback is to be sent. | string | no |
include_subdomains | Configure all subdomains as well as the root domain. | bool | no |
ttl | The TTL of the DNS records. | number | no |
zone_id | The DNS zone ID to add the records to. Either zone_name or zone_id needs to be given. | string | no |

No outputs.

- terraform-cloudflare-parked-domain-baseline: A module that accomplishes the same outcome with Cloudflare DNS instead of AWS Route53.
- terraform-google-parked-domain-baseline: A module that accomplishes the same outcome with GCP Cloud DNS instead of AWS Route53.