NIST releases standards for securing domain names

The National Institute of Standards and Technology released new guidelines for securing the Domain Name System (DNS) yesterday. Special Publication 800-81 details threats and how best to approach them as well as specific recommendations on secure configurations for domain names and their associated mechanisms.

Domain names have two unique characteristics that set them apart from other distributed systems: They have no defined system boundaries and no confidentiality because Web site domains are accessible to anyone. Conventional network-level attacks can cause denial-of-service and access problems.

NIST recommends that agencies implement appropriate system and network security controls to secure the DNS hosting, protect transactions such as name resolution data and data replication, and protect query/response transactions by using digital signatures. The publication also recommends enforcing content control of DNS name resolution using integrity constraints.

The publication can be downloaded in PDF format.

Featured

  • People
    2021 Federal 100 Awards

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

Stay Connected