diff --git a/main.tf b/main.tf
index f7a9bcd..87ed538 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,7 @@ resource "google_dns_managed_zone" "this" {
   // CKV_GCP_16:
   // DNSSEC is a feature of the Domain Name System that authenticates responses to domain name lookups. DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.
   dnssec_config {
-    state = "on"
+    state = var.dnssec_state
   }
 }
 
diff --git a/variables.tf b/variables.tf
index 310e2f5..94fdab1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -37,3 +37,9 @@ variable "records" {
   description = "List of your DNS records."
   default     = {}
 }
+
+variable "dnssec_state" {
+  type        = string
+  description = "DNSSEC State"
+  default     = "on"
+}
\ No newline at end of file