NIST releases standards for securing domain names

The National Institute of Standards and Technology released new guidelines for securing the Domain Name System (DNS) yesterday. Special Publication 800-81 details threats and how best to approach them as well as specific recommendations on secure configurations for domain names and their associated mechanisms.

Domain names have two unique characteristics that set them apart from other distributed systems: They have no defined system boundaries and no confidentiality because Web site domains are accessible to anyone. Conventional network-level attacks can cause denial-of-service and access problems.

NIST recommends that agencies implement appropriate system and network security controls to secure the DNS hosting, protect transactions such as name resolution data and data replication, and protect query/response transactions by using digital signatures. The publication also recommends enforcing content control of DNS name resolution using integrity constraints.

The publication can be downloaded in PDF format.

Featured

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

  • FCW Perspectives
    data funnel (anttoniart/Shutterstock.com)

    Real-world data management

    The pandemic has put new demands on data teams, but old obstacles are still hindering agency efforts.

Stay Connected