DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure Domain Name System Deployment Guide, superseding a version that dates to 2013. The document covers three main areas: using DNS as an active security control, securing the DNS protocol itself, and protecting the servers and infrastructure that run DNS services. … The post NIST updates its DNS security guidance for the first time in over a decade appeared first on Help Net Security.

  • mrnobody@reddthat.com · 2 upvotes · 2 days ago

    I always try to be proactive and not reactive, but DNS standards have always been lackluster. Use DNSSEC on anything you host and DoH (DNS over HTTPS) or DoT (DNS over TLS) wherever possible on the OS or browser.

    Get off Google DNS (for privacy) and Cloudflare, and use Quad9 (they offer several) or dns.watch!

    If you use a Pi-hole, it is easy to toggle on DNSSEC, and your Firefox-based browser is pretty straightforward too.