Security News > 2021 > March > NSA, DHS Issue Guidance on Protective DNS

The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency this week published joint guidance on Protective DNS. Designed to translate domain names into IP addresses, the Domain Name System is a key component of Internet and network communications.

Protective DNS was designed as a security service that leverages the DNS protocol and infrastructure for the analysis of DNS queries and mitigation of possible threats.

Both the NSA and CISA have previously issued documents related to the mitigation of DNS-related issues, and the new guidance is meant to provide further details on the benefits and risks of protective DNS services.

PDNS, the joint guidance says, relies on a policy-implementing DNS resolver - often called Response Policy Zone functionality - which checks both domain name queries and returned IP addresses to prevent connections to malicious sites.

To set up PDNS, an organization can simply modify its recursive resolver to rely on the PDNS provider's DNS server.

Some of the outlined best practices regarding PDNS involve the use of a PDNS system as part of a layered defense-in-depth strategy, blocking unauthorized DNS queries, and taking into consideration hybrid enterprise architectures.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/VrxiXuOtibg/nsa-dhs-issue-guidance-protective-dns