NIST releases standards for securing domain names

The National Institutes of Standards and Technologies have released new guidelines for securing Domain Name Systems (DNS) today. Special Publication 800-81 details threats and how best to approach them as well as specific recommendations on secure configurations for DNS and their associated mechanisms.

Domain names have two unique characteristics that set them apart from other distributed systems: they have no defined system boundaries and no confidentiality, as Web site domains are essentially accessible to anyone. Conventional network-level attacks can cause denial-of-service and access problems.

NIST recommends that agencies implement appropriate system and network security controls for securing the DNS hosting, protect transactions such as name resolution data and data replication, and protect the query/response transaction using digital signatures. The publication also recommends enforcing content control of DNS name resolution using integrity constraints.

The publication can be downloaded in PDF format here:

inside gcn

  • phishing email (Abscent/

    How agencies can protect against phishing attacks

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group