Changeflow GovPing Data Privacy & Cybersecurity NIST SP 800-81r3 Secure DNS Deployment Guide
Routine Guidance Added Final

NIST SP 800-81r3 Secure DNS Deployment Guide

Favicon for www.nist.gov NIST Publications
Published March 19th, 2026
Detected March 21st, 2026
Email

Summary

NIST has published Special Publication (SP) 800-81r3, providing updated guidelines for securing Domain Name System (DNS) deployment. The guide aims to enhance network security by mitigating DNS misuse and misconfiguration, aligning with zero trust and defense-in-depth strategies.

View original document View source feed page

What changed

NIST has released Special Publication (SP) 800-81r3, titled "Secure Domain Name System (DNS) Deployment Guide." This publication offers updated guidance for securing DNS protocols and infrastructure, addressing the evolving threat landscape. It provides strategies to mitigate misuse and misconfiguration, serving as an additional layer of network security within zero trust and defense-in-depth frameworks. Key topics covered include authoritative name servers, DNS logging, DNS Security Extensions (DNSSEC), encrypted DNS, protective DNS, recursive name servers, and resource records.

This guidance is intended for organizations responsible for deploying and managing DNS infrastructure. While non-binding, it provides best practices for enhancing network security and resilience. Compliance officers should review the publication to understand recommended security measures for DNS deployment, particularly concerning encryption, DNSSEC, and protective DNS services, to ensure their organization's network security posture is up-to-date.

What to do next

  1. Review NIST SP 800-81r3 for updated DNS security best practices
  2. Assess current DNS deployment against the guidelines in SP 800-81r3
  3. Implement recommended security measures for DNS infrastructure

Source document (simplified)

PUBLICATIONS

Secure Domain Name System (DNS) Deployment Guide

Published

March 19, 2026

Author(s)

Scott Rose, Cricket Liu, Ross Gibson

Abstract

This document provides Domain Name System (DNS) deployment guidelines to secure the DNS protocol and infrastructure, mitigate misuse or misconfiguration, and provide an additional layer of network security as part of a zero trust and/or defense-in-depth security risk management approach. This introduction briefly discusses relevant context for DNS and examines the changing threat landscape that has warranted an updated approach to DNS deployment. Citation Special Publication (NIST SP) - 800-81r3 Report Number 800-81r3 NIST Pub Series Special Publication (NIST SP) Pub Type NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-81r3 Local Download

Keywords

Authoritative Name Server, Domain Name sytem (DNS), DNS Logging, DNS Security Extensions (DNSSEC), Encrypted DNS, Protective DNS, Recursive Name Server, Resource Record (RR) Trustworthy networks, Network security and robustness and Cybersecurity and privacy

Citation

Rose, S.
, Liu, C.
and Gibson, R.

(2026),
Secure Domain Name System (DNS) Deployment Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-81r3, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=960578       
  (Accessed March 20, 2026)

Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created March 19, 2026

Was this page helpful?

Related changes

Favicon for www.nist.gov NIST Paper on 5G Network Security Design Principles
Routine Mar 21, 2026 NIST Publications Data Privacy & Cybersecurity
Favicon for www.nist.gov NIST White Paper on 5G Cybersecurity and Privacy Capabilities
Routine Mar 21, 2026 NIST Publications Data Privacy & Cybersecurity
Favicon for www.nist.gov NIST Paper on 5G Hardware Security for Platform Integrity
Routine Mar 21, 2026 NIST Publications Data Privacy & Cybersecurity
Favicon for www.cisa.gov CISA Adds Five Known Exploited Vulnerabilities to Catalog
Priority review Mar 20, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov Apple Buffer Overflow Vulnerability Fixed in Safari, iOS, macOS
Priority review Mar 20, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for www.cisa.gov Craft CMS Remote Code Execution Vulnerability Fixed
Priority review Mar 20, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity

Source

Favicon for www.nist.gov
NIST Publications nist.gov/publications
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
NIST
Published
March 19th, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
NIST SP 800-81r3

Who this affects

Applies to
Technology companies
Industry sector
5182 Data Processing & Hosting 5170 Telecommunications
Activity scope
DNS Deployment Security
Geographic scope
United States US

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF NIST 800-53
Topics
Network Security DNS Security

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 221 Consumer Protection 39 Courts & Legal 284 Data Privacy & Cybersecurity 61 Defense & National Security 48 Education 20 Energy 102 Environment 85 Government & Legislation 257 Healthcare 116 Housing 15 Immigration 9 Insurance 58 Labor & Employment 111 Pharma & Drug Safety 78 Securities & Markets 75 Tax 62 Telecom & Technology 34 Trade & Sanctions 124 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when NIST Publications publishes new changes.

Free. Unsubscribe anytime.