Insight by Infoblox

Cyber Leaders Exchange 2025: Infoblox’s Chris Usserman on the benefits of protective DNS

Recent NIST guidance brings attention to the Domain Name System, an overlooked but critical layer of network security. The Infoblox cyber expert explains why.

The Domain Name System, or DNS — arguably one of the most critical protocols on the internet — has for years been overlooked from an IT and cybersecurity perspective.

For decades, DNS was largely regarded as a background function of the internet. Organizations set up servers and left them alone. That passive approach left them exposed as attackers learned to exploit vulnerabilities in the DNS protocol.

“It’s the George Foreman grill. You put it in the closet, you lock it up, you never touch it again, so that it doesn’t go down. DNS has been kind of looked at that way because if it goes down, you can’t touch printers, servers, the internet — and we’ve seen that happen,” Chris Usserman, chief technologist for public sector at Infoblox, said during Federal News Network’s Cyber Leaders Exchange 2025.

NIST guidance gives attention to potential DNS vulnerabilities

But new guidance from the National Institute of Standards and Technology reflects growing recognition that DNS is not just a technical utility but a core component of network security.

The update to NIST Special Publication 800-81r3, developed in close collaboration with industry, is the first major revamp to the document since 2012. It comes as attackers increasingly exploit DNS to spread malware, conduct phishing campaigns, steal data and disrupt essential services, Usserman said.

“The biggest aspect of it was obviously NIST’s recognition that there are a number of their publications that constantly needed revamping, and they’re going to great efforts to invest in making sure that their directives, their guidance and recommendations to all of their consumers globally is now starting to move at the speed of technology — or at least closer to it,” he said.

“Twelve years since the last update is a long time, but DNS has been around for over 40 years. We … helped NIST to understand why and how this needed to be updated and actually as it pertains to threat actor activity. It wasn’t a hard sell for NIST. They already had it on the books,” he added.

Three pillars of secure DNS

The guidance also formalizes the definition of “protected DNS,” Usserman said.

The updated publication includes three foundational pillars: employing protective DNS, securing the DNS protocol and securing DNS infrastructure. Together, the pillars form the overarching framework for “secure DNS”:

  • Securing the DNS protocol: “It’s not just Domain Name System security extensions as we traditionally refer to it, but using transaction signatures, encrypted DNS as part of the mandate from M-22-09 from the Office of Management and Budget, and better DNS hygiene around making sure that you don’t have names or subdomains that are out there that are just dangling out in the ether, because those have been exploited,” Usserman said.
  • Securing DNS infrastructure: The guidance recommends deploying dedicated DNS servers separately from other core functions, ensuring resilience if one service or component fails. “Having high-availability DNS servers also allows for interoperability,” Usserman said.
  • Employing protective DNS: “It is effectively a DNS firewall,” Usserman said. “It blocks malicious delivery of malware, phishing attacks, et cetera. It allows for applying threat intelligence and getting better telemetry around adversarial activity and unwitting — and witting — insider threats, as well as being able to have forensic understanding for incident response purposes. That’s really the key component,” he added.
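To make the “DNS firewall” idea concrete, here is an added example (not Infoblox, NIST or Federal News Network code) of the core policy check a protective DNS resolver performs: each query name is compared against a threat-intelligence feed of blocked zones, subdomains of a listed zone are caught while look-alike names are not, and the block decisions are rolled up into per-client telemetry of the kind an incident responder would pivot on. The feed entries, the BIND-style query log lines and the client addresses are all constructed for the example; the `.example` domains are placeholders, not real indicators.

```python
"""Protective-DNS policy check over resolver query logs (illustrative, added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple
import re

# Constructed threat-intelligence feed: blocked zone -> threat category.
# A listed zone matches the name itself and every subdomain beneath it.
THREAT_FEED = {
    "malware-dropper.example": "malware",
    "login-verify.example": "phishing",
    "exfil.example": "data-exfiltration",
}

# Constructed resolver log lines in BIND's "client <ip>#<port>: query: <name> IN <type>" shape.
SAMPLE_LOG = """\
15-Oct-2025 09:12:01.001 client 10.0.0.15#51234: query: www.example.com IN A
15-Oct-2025 09:12:02.117 client 10.0.0.15#51235: query: cdn.malware-dropper.example IN A
15-Oct-2025 09:12:05.420 client 10.0.0.22#40011: query: login-verify.example IN A
15-Oct-2025 09:12:07.903 client 10.0.0.15#51236: query: a.b.exfil.example IN TXT
15-Oct-2025 09:12:09.555 client 10.0.0.31#53000: query: notexfil.example IN A
"""

LOG_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")


@dataclass
class Decision:
    client: str
    qname: str
    qtype: str
    action: str                    # "allow" or "block"
    category: Optional[str]        # threat category when blocked
    matched_zone: Optional[str]    # feed entry that caused the block


def normalize(name: str) -> str:
    """Lower-case the name and drop a trailing dot so feed lookups are exact."""
    return name.rstrip(".").lower()


def lookup_policy(qname: str, feed=THREAT_FEED) -> Tuple[Optional[str], Optional[str]]:
    """Return (zone, category) for the closest enclosing listed zone, else (None, None).

    Walking from the full name up through its parent zones means cdn.malware-dropper.example
    is blocked by the malware-dropper.example entry, while notexfil.example is not matched
    by exfil.example because the comparison is label-wise rather than a substring test.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return candidate, feed[candidate]
    return None, None


def parse_log_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Extract (client, qname, qtype) from one log line, or None if it is not a query record."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname"), m.group("qtype")


def evaluate(log_text: str, feed=THREAT_FEED):
    """Apply the feed to every query in the log and return one Decision per query."""
    decisions = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        client, qname, qtype = parsed
        zone, category = lookup_policy(qname, feed)
        action = "block" if zone else "allow"
        decisions.append(Decision(client, normalize(qname), qtype, action, category, zone))
    return decisions


def telemetry(decisions):
    """Per-client counts of blocked queries by category: the view an analyst uses to spot a
    compromised host or an insider rather than a single noisy domain."""
    report = defaultdict(Counter)
    for d in decisions:
        if d.action == "block":
            report[d.client][d.category] += 1
    return {client: dict(counts) for client, counts in report.items()}


if __name__ == "__main__":
    results = evaluate(SAMPLE_LOG)
    for d in results:
        detail = f" -> {d.category} via {d.matched_zone}" if d.matched_zone else ""
        print(f"{d.action:5} {d.client:10} {d.qname} ({d.qtype}){detail}")
    print(telemetry(results))
```

In a production deployment the feed would be delivered as response policy zone (RPZ) data or a vendor feed and the block would be enforced in the resolver's answer rather than in an offline pass over logs, but the matching rule and the telemetry rollup are the same.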

Navigating federal challenges on tech and budget fronts

For organizations already leveraging Infoblox for core network functions such as Dynamic Host Configuration Protocol, DNS or IP address management, adding protective DNS is relatively simple, Usserman said.

“It’s easy to add on the licensing if we’re already there doing the DNS,” he said. “You just turn on the feature that does the inspection and allows for the aspect of saying, ‘Hey, this user or this user system or this connected device should not connect with somewhere on the internet.’ ”

The challenges for federal agencies, however, have more to do with the environment in which agencies operate. One example is the federal government shutdown that began Oct. 1, after lawmakers failed to pass a continuing resolution to keep the government open through November. Congress’ inability to pass spending bills on time is nothing new, though; agencies spend an average of four months a year operating under a continuing resolution.

But when mandates come without money, organizations have little incentive or ability to implement them, Usserman said.

“The general government budget cycle always lends challenges to implementing these types of things, and so they have to potentially reprioritize existing obligations to determine the criticality and better manage risk,” he said.

In addition, DNS has long been treated as a back-end IT function, but protective DNS represents a shift that will encourage organizations’ IT and security teams to work more closely together, Usserman said.


Copyright © 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
