The US National Institute of Standards and Technology (NIST) has published the final version of Special Publication (SP) 800-81r3, a guide intended to help organisations secure their Domain Name System (DNS) infrastructure.
NIST said DNS is central to organisational security because it translates domain names into IP addresses, can serve as an enforcement point for enterprise security policy, and can provide signals of malicious activity. The agency warned that disruptions or attacks targeting DNS can affect an entire organisation.
According to NIST, the guide outlines DNS roles and offers recommendations to protect the integrity, availability and confidentiality of DNS services. It includes guidance on how DNS supports zero trust architecture, including acting as a policy enforcement point and as a source of information when evaluating access requests.
The publication also covers authoritative DNS and recommends measures to protect the integrity and authenticity of DNS information, including the use of DNS Security Extensions (DNSSEC). It includes guidance on recursive DNS as well, with an emphasis on protecting the confidentiality of client DNS queries.
NIST said the final version adds clarifications based on feedback during the public comment period, including additional text on minimising information leakage in DNS queries and responses.
