Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Secure Domain Name System (DNS) Deployment Guide

Published

Author(s)

Ramaswamy Chandramouli, Scott W. Rose

Abstract

The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of computing and communication entities called Name Servers each of which contains information about a small portion of the domain name space. The domain name data provided by DNS is intended to be available to any computer located anywhere in the Internet.This document provides deployment guidelines for securing DNS within an enterprise. Because DNS data is meant to be public, preserving the confidentiality of DNS data. The primary security goals for DNS are data integrity and source authentication, which are needed to ensure the authenticity of domain name information and maintain the integrity of domain name information in transit. This document provides extensive guidance on maintaining data integrity and performing source authentication. DNS components are often subjected to denial-of-service attacks intended to disrupt access to the resources whose domain names are handled by the attacked DNS components. This document presents guidelines for configuring DNS deployments to prevent many denial-of-service attacks that exploit vulnerabilities in various DNS components. [Supersedes SP 800-81 Rev. 1 (April 2010): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=905113]
Citation
Special Publication (NIST SP) - 800-81-2
Report Number
800-81-2

Keywords

Authoritative Name Server, Caching Name Server, Domain Name System (DNS), DNS Query/Response, DNS Security Extensions (DNSSEC), Resource Record (RR), Trust Anchor, Validating Resolver

Citation

Chandramouli, R. and Rose, S. (2013), Secure Domain Name System (DNS) Deployment Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-81-2 (Accessed October 7, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created September 18, 2013, Updated November 10, 2018