Secure Domain Name System (DNS) Deployment Guide | Final publication

NIST Publishes SP 800-81r3: Secure Domain Name System (DNS) Deployment Guide final version

The Domain Name System (DNS) plays an integral role in every organization’s security posture by translating domain names into IP addresses. It can serve as an enforcement point for enterprise security policy and an indicator of potential malicious activity on a network. A disruption or attack against the DNS can impact an entire organization.

NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services, including:

  1. The role DNS plays in supporting a zero trust architecture, such as serving as both a policy enforcement point (PEP) and a source of information when evaluating access requests
  2. The role of hosting DNS information (authoritative DNS), including guidance on protecting the integrity and authenticity of DNS information using DNSSEC
  3. The role of recursive DNS, including guidance on protecting the confidentiality of client DNS queries

This final version clarifies the guidance based on feedback received during the public comment period, including additional text on minimizing information leakage in DNS queries and responses.

Released March 19, 2026