Donate
‹ Back
Domain Name System Security Extensions (DNSSEC) 30 December 2011

NIST Secure Domain Name System (DNS) Deployment Guide

The United States National Institute of Standards and Technology (NIST) created an excellent “Special Publication” related to DNSSEC:

Secure Domain Name System (DNS) Deployment Guide

Like many of NIST’s Special Publications, the detailed guide, last updated in September 2013, starts out with a tutorial about the basics of the technology, in this case DNS.  It then explains the security threats to DNS at great length before then providing solid guidelines for securing your DNS systems and information.

The document covers DNSSEC but also looks at what you need to do to secure the information on your actual DNS server from other attacks.   It also provides specific configuration information for two of the more popular DNS servers in use.

While NIST’s focus is on providing information and guidelines to U.S. government agencies, the document is extremely useful to companies, organizations and others around the world.

NOTE: A new version 2 of this document was released by NIST in September 2013 that included updated sections on DNSSEC and DNS server configuration. The links on this page were updated to link to this new version 2.

‹ Back

Related resources

Microsoft DNSSEC Deployment Guide for Windows Server 2008R2 and Windows 7
Domain Name System Security Extensions (DNSSEC)10 January 2012

Microsoft DNSSEC Deployment Guide for Windows Server 2008R2 and Windows 7

If you are providing DNS services to your network using Windows servers and would like to understand how to deploy...

State of DNSSEC Deployment 2016
State of DNSSEC Deployment 2016
Domain Name System (DNS)31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download the...

ENISA: Good Practices Guide For Deploying DNSSEC
Domain Name System Security Extensions (DNSSEC)10 February 2012

ENISA: Good Practices Guide For Deploying DNSSEC

In March 2010, the European Network and Information Security Agency (ENISA) issued their "Good Practices Guide For Deploying DNSSEC" with...

Join the conversation with Internet Society members around the world