This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating environments and the threats to their DNS services, and to apply appropriate risk-based security measures for all DNS components. The bulletin summarizes the guidelines for the secure deployment of each DNS component through the use of configuration options and checklists that are based on policies or best practices. Topics covered include the structure and operations of DNS data, software, and transactions, and the threats, the security objectives, and the security approaches that can be employed. Other topics include how to maintain data integrity and perform source authentication, and how to configure DNS deployments to protect the availability of DNS services and prevent denial of service attacks. References to other sources of information on the security of DNS services are provided.
This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating environments and the threats to their DNS services, and to apply appropriate risk-based security measures for all DNS components. The bulletin...
See full abstract
This bulletin explains the Domain Name System (DNS) infrastructure, and discusses NIST's recommendations to help organizations analyze their operating environments and the threats to their DNS services, and to apply appropriate risk-based security measures for all DNS components. The bulletin summarizes the guidelines for the secure deployment of each DNS component through the use of configuration options and checklists that are based on policies or best practices. Topics covered include the structure and operations of DNS data, software, and transactions, and the threats, the security objectives, and the security approaches that can be employed. Other topics include how to maintain data integrity and perform source authentication, and how to configure DNS deployments to protect the availability of DNS services and prevent denial of service attacks. References to other sources of information on the security of DNS services are provided.
Hide full abstract
Keywords
checklists; denial of service; DNS; DNS Security Extensions; DNSSEC; Domain Name System; information system security; Internet Protocol (IP); risks; vulnerabilities