AWS Route53 documentation change
Summary
Added error details about DNSSEC and resource record requirements when deleting hosted zones
Security assessment
The change documents DNSSEC-related constraints during deletion but does not address a specific vulnerability. DNSSEC is a security feature, so this adds security documentation.
Diff
diff --git a/Route53/latest/DeveloperGuide/DeleteHostedZone.md b/Route53/latest/DeveloperGuide/DeleteHostedZone.md index f2fcafb4b..8a2e020e7 100644 --- a//Route53/latest/DeveloperGuide/DeleteHostedZone.md +++ b//Route53/latest/DeveloperGuide/DeleteHostedZone.md @@ -58,0 +59,8 @@ To use the Route 53 console to delete a public hosted zone, perform the followin +###### Note + +If you attempt to delete the hosted zone without completing these requirements, Route 53 will return an error: + + * If DNSSEC signing is enabled: **`The specified hosted zone contains DNSSEC Key Signing Keys and so cannot be deleted`** + + * If other resource record sets exist (other than the default SOA and NS records): **`The specified hosted zone contains non-required resource record sets and so cannot be deleted`** +