NIST releases standards for securing domain names
- By Wade-Hahn Chan
- May 17, 2006
The National Institutes of Standards and Technologies have released new guidelines for securing Domain Name Systems (DNS) today. Special Publication 800-81 details threats and how best to approach them as well as specific recommendations on secure configurations for DNS and their associated mechanisms.
Domain names have two unique characteristics that set them apart from other distributed systems: they have no defined system boundaries and no confidentiality, as Web site domains are essentially accessible to anyone. Conventional network-level attacks can cause denial-of-service and access problems.
NIST recommends that agencies implement appropriate system and network security controls for securing the DNS hosting, protect transactions such as name resolution data and data replication, and protect the query/response transaction using digital signatures. The publication also recommends enforcing content control of DNS name resolution using integrity constraints.
The publication can be downloaded in PDF format here: http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf