The Azure Private DNS CNAME record has its time-to-live (TTL) set to more than 1 hour. Resolvers cache an answer for the length of its TTL, so a long TTL may expose the DNS records to vulnerabilities such as cache poisoning.
In Azure Console -
In Terraform -
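An added example, not taken from this page or from the provider documentation: a record this check would flag, next to a corrected one whose TTL comes from a variable that rejects values above 3600 seconds at plan time. The zone, resource group and record names are placeholders, and the 300-second default is an assumption.

```hcl
# Added example. All names below are placeholders.

variable "cname_ttl" {
  description = "TTL in seconds for private DNS CNAME records."
  type        = number
  default     = 300 # assumed default; any value up to 3600 passes the check

  # Fail `terraform plan` if someone sets a TTL above 1 hour (3600 s).
  validation {
    condition     = var.cname_ttl >= 1 && var.cname_ttl <= 3600
    error_message = "The cname_ttl value must be between 1 and 3600 seconds (1 hour)."
  }
}

# Before: flagged, because ttl = 86400 s (24 hours) is more than 1 hour.
resource "azurerm_private_dns_cname_record" "flagged" {
  name                = "legacy-app"
  zone_name           = "example.internal"
  resource_group_name = "example-rg"
  ttl                 = 86400
  record              = "legacy-backend.example.internal"
}

# After: passes, because ttl is bounded by the validated variable.
resource "azurerm_private_dns_cname_record" "corrected" {
  name                = "app"
  zone_name           = "example.internal"
  resource_group_name = "example-rg"
  ttl                 = var.cname_ttl
  record              = "app-backend.example.internal"
}
```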
References:
https://learn.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_cname_record#ttl