An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment
Published
Author(s)
Shirley M. Radack
Abstract
This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating environments and the threats to their DNS services, and to apply appropriate risk-based security measures for all DNS components. The bulletin summarizes the guidelines for the secure deployment of each DNS component through the use of configuration options and checklists that are based on policies or best practices. Topics covered include the structure and operations of DNS data, software, and transactions, and the threats, the security objectives, and the security approaches that can be employed. Other topics include how to maintain data integrity and perform source authentication, and how to configure DNS deployments to protect the availability of DNS services and prevent denial of service attacks. References to other sources of information on the security of DNS services are provided.
checklists, denial of service, DNS, DNS Security Extensions, DNSSEC, Domain Name System, information system security, Internet Protocol (IP), risks, vulnerabilities
Radack, S.
(2006),
Domain Name System (DNS) Services: NIST Recommendations for Secure Deployment, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50837
(Accessed October 6, 2024)