Cloud DNS has DNSSEC disabled TF-S2016

DNSSEC is a feature of the Domain Name System that authenticates responses to domain name lookups. DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests. We recommend ensuring that DNSSEC is enabled in any public DNS zone, the top-level domain registry, and the local DNS resolvers.

References

• https://www.terraform.io/docs/providers/google/r/dnsmanagedzone.html#state