惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

阮一峰的网络日志
阮一峰的网络日志
The GitHub Blog
The GitHub Blog
V
Visual Studio Blog
G
GRAHAM CLULEY
Spread Privacy
Spread Privacy
Last Week in AI
Last Week in AI
腾讯CDC
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园 - 司徒正美
爱范儿
爱范儿
雷峰网
雷峰网
The Hacker News
The Hacker News
S
SegmentFault 最新的问题
Cisco Talos Blog
Cisco Talos Blog
博客园 - 聂微东
T
Tor Project blog
I
Intezer
大猫的无限游戏
大猫的无限游戏
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
T
Tenable Blog
Google Online Security Blog
Google Online Security Blog
S
Schneier on Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
AI
AI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
宝玉的分享
宝玉的分享
Help Net Security
Help Net Security
O
OpenAI News
博客园 - 【当耐特】
博客园 - Franky
AWS News Blog
AWS News Blog
罗磊的独立博客
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
小众软件
小众软件
量子位
SecWiki News
SecWiki News
S
Security Affairs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hugging Face - Blog
Hugging Face - Blog
N
News and Events Feed by Topic
Apple Machine Learning Research
Apple Machine Learning Research
H
Heimdal Security Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家

Infoblox Blog

The Missing Link in the Anti-Scam Chain: Why DNS Belongs in the Room. (DNS, GASA, Global Anti-Scam Alliance, DNS Threat Intelligence) Oracle Cloud Discovery for Universal Asset Insights | Infoblox Why Asset Discovery Integrations Start with Network Intelligence Infoblox Kentik Acquisition: AI-Driven Network and Security Intelligence Proxyware actor behind fake 7-Zip is bigger than you think! Using Protective DNS to Dismantle Global Scam Networks | Infosecurity Europe 2026 Residential Proxies: Why DNS Is the Stronger Play NIST Maps DNS Security to the Cybersecurity Framework 2.0 Trusted Infrastructure Data for AI and AgenticOps | Infoblox Meet Your Security Analyst’s New AI Teammate | Infoblox IQ DCloud Uni-App: One Framework, 236,000+ Scam Sites Operation Endgame VS SocGholish Fake Updates Human Judgment Hacks: How Lookalike Domains Work Residential Proxies in the Wild Unlocking Universal DDI on Equinix: Infoblox Brings Cloud-First DDI to Equinix Network Edge “Headless”? What Is It and Do I Need to Go There? The Alert Is Already Too Late The Half of Your Attack Surface Nobody Owns Infoblox Earns Terraform Partner Premier Status for NIOS Provider What 550 Security Leaders Just Told Us about the Age of AI, and Why Preemptive Digital Risk Protection Can’t Wait Lookalike Domains Expose the iPhone Theft Economy Amusing Numerology: Analysis of the Numbers in Domain Names 4 Trends Shaping the Future of Network Operations Preemptive Threat Disruption at Scale: How Infoblox and Axur Turn External Risk into Protection Why the Axur Acquisition Marks a Turning Point for Preemptive Security Don’t Wait To Be Attacked: Stop Phishing, C2 and Data Exfiltration with Infoblox Threat Intelligence in AWS Network Firewall Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs AI, Project Glasswing and DNS: Beyond Vulnerabilities Three Infoblox Integrations with Google Cloud That Give Enterprise Teams More Control Over Their Networks Protective DNS: Why Telcos Are Turning to DNS as the Platform for Consumer Security Automating Infoblox DDI with Red Hat Ansible | Configuration as Code for DNS, DHCP and IPAM Hiding in Plain Sight: Abusing Composite Domain Names What You Cannot See is Hurting You Most NIST SP 800-81r3: A Long-Overdue Wake-Up Call for DNS Security Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro NIST SP 800-81r3: What’s New? No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution Unified Asset Visibility: A Strategic Imperative for CIOs and CISOs Infoblox Partners with Leading SASE Vendors to Modernize DNS and DHCP for Distributed Enterprises NIST DNS Security Best Practices: Top 5 Takeaways Empowering Women to Lead in APJ: Infoblox at the Leadership Summit for Women in Technology, AI & Cyber
Break out the bubbly: NIST SP 800-81r3 has been published!
Cricket Liu · 2026-03-20 · via Infoblox Blog

Back on April 10, I mentioned that the U.S. National Institute of Standards and Technology, or NIST, had released a draft of a new version of their venerable “Secure Domain Name System (DNS) Deployment Guide,” called NIST SP 800-81 for short. Well, 800-81r3 has just been published as an official set of recommendations and best practices.

As I said back in April, SP 800-81 has been a mainstay of the DNS community since its original publication back in 2006. DNS administrators have turned to it ever since for guidance on how to securely configure and manage their DNS infrastructure. But the latest update was in 2013, too far back to include important developments in the World of DNS (yes, there is such a thing) such as Protective DNS and Encrypted DNS.

I’m very proud to say that my colleague Ross Gibson and I had a hand in this new version. We approached Scott Rose, who’s written every version of SP 800-81 since the beginning, and asked if he’d be interested in an update. Scott was amenable, and together, the three of us added what I feel is important new material on when and how to deploy Protective DNS (hint: nearly always) and Encrypted DNS. We also added a great deal of specific material on the litany of threats to DNS and how to address them, covered DNS hygiene, recommended dedicated DNS servers and much more.

If you’re wondering how this NIST document might affect you, the SP 800 series provides guidance, but some documents in the series are incorporated into regulatory frameworks. For example, the European NIS2 Directive refers to NIST SP 800-81 for its best practices for secure DNS deployment.

Our hope is that this update will continue the long tradition of SP 800-81 as a critical resource for DNS administrators. To understand what SP 800‑81r3 means in practice, read the NIST DNS Security Best Practices: Top 5 Takeaways blog or download your copy today.

Footnotes

  1. If this accounting of the changes seems overly high-level, never fear: Ross is right on my heels with a blog on the details of the update.

Executive Vice President and Chief Evangelist, Infoblox

Cricket is one of the world’s leading experts on the Domain Name System (DNS) and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an internet consulting and training company, Acme Byte & Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including “DNS and BIND,” one of the most widely used references in the field, now in its fifth edition.

View All Posts