Secure Domain Name System (DNS) Deployment Guide   [open pdf - 877KB]

"To access Internet resources by user-friendly domain names rather than IP addresses, users need a system that translates domain names to IP addresses and back. This translation is the primary task of an engine called the Domain Name System (DNS). [...] The domain name data provided by DNS is intended to be available to any computer located anywhere in the Internet. This document provides deployment guidelines for securing DNS within an enterprise. Because DNS data is meant to be public, preserving the confidentiality of DNS data pertaining to publicly accessible IT resources is not a concern. The primary security goals for DNS are data integrity and source authentication, which are needed to ensure the authenticity of domain name information and maintain the integrity of domain name information in transit. This document provides extensive guidance on maintaining data integrity and performing source authentication. Availability of DNS services and data is also very important; DNS components are often subjected to denial-of-service attacks intended to disrupt access to the resources whose domain names are handled by the attacked DNS components. This document presents guidelines for configuring DNS deployments to prevent many denial-of-service attacks that exploit vulnerabilities in various DNS components."

Report Number:
NIST Special Publication 800-81r1
Public Domain
Retrieved From:
National Institute of Standards and Technology: http://www.nist.gov/
Media Type:
Help with citations