The Domain Name System (DNS) plays an integral role in every organization’s security posture by translating domain names into IP addresses. It can serve as an enforcement point for enterprise security policy and an indicator of potential malicious activity on a network. A disruption or attack against the DNS can impact an entire organization
NIST Special Publication (SP) 800-81r3 (Revision 3), Secure Domain Name System (DNS) Deployment Guide, describes the different roles of DNS and gives recommendations for protecting the integrity, availability, and confidentiality of DNS services, including:
-
- The role DNS plays in supporting a zero trust architecture, such as serving as both a policy enforcement point (PEP) and a source for information when evaluating access requests
- The role of hosting DNS information (authoritative DNS), including guidance on protecting the integrity and authenticity of DNS information using DNSSEC
- The role of recursive DNS, including guidance on protecting the confidentiality of client DNS queries
The public comment period is open through May 26, 2025. See the publication details for a copy of the draft. Additional information can be found on the NIST High Assurance Domains Project webpage.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
