NIST releases standards for securing domain names

The National Institutes of Standards and Technologies have released new guidelines for securing Domain Name Systems (DNS) today. Special Publication 800-81 details threats and how best to approach them as well as specific recommendations on secure configurations for DNS and their associated mechanisms.

Domain names have two unique characteristics that set them apart from other distributed systems: they have no defined system boundaries and no confidentiality, as Web site domains are essentially accessible to anyone. Conventional network-level attacks can cause denial-of-service and access problems.

NIST recommends that agencies implement appropriate system and network security controls for securing the DNS hosting, protect transactions such as name resolution data and data replication, and protect the query/response transaction using digital signatures. The publication also recommends enforcing content control of DNS name resolution using integrity constraints.

The publication can be downloaded in PDF format here: http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf

Featured

  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected