Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment



Shirley M. Radack


This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating environments and the threats to their DNS services, and to apply appropriate risk-based security measures for all DNS components. The bulletin summarizes the guidelines for the secure deployment of each DNS component through the use of configuration options and checklists that are based on policies or best practices. Topics covered include the structure and operations of DNS data, software, and transactions, and the threats, the security objectives, and the security approaches that can be employed. Other topics include how to maintain data integrity and perform source authentication, and how to configure DNS deployments to protect the availability of DNS services and prevent denial of service attacks. References to other sources of information on the security of DNS services are provided.
ITL Bulletin -


checklists, denial of service, DNS, DNS Security Extensions, DNSSEC, Domain Name System, information system security, Internet Protocol (IP), risks, vulnerabilities


Radack, S. (2006), Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 21, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created July 2, 2006, Updated January 27, 2020