NIST Publishes SP 800-81r3: Secure Domain Name System (DNS) Deployment Guide
The Domain Name System (DNS) plays an integral role in every organization’s security posture by translating domain names into IP addresses. It can serve as an enforcement point for enterprise security policy and an indicator of potential malicious activity on a network. A disruption or attack against the DNS can impact an entire organization.
NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services, including:
- The role DNS plays in supporting a zero trust architecture, such as serving as both a policy enforcement point (PEP) and a source of information when evaluating access requests
- The role of hosting DNS information (authoritative DNS), including guidance on protecting the integrity and authenticity of DNS information using DNSSEC
- The role of recursive DNS, including guidance on protecting the confidentiality of client DNS queries
This final version contains additional clarification on guidance based on feedback received during the public comment period. This includes additional text on minimizing information leakage in DNS queries and responses.
NIST Cybersecurity and Privacy Program
Questions and comments can be directed to: sp800-81@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov
|
