NIST releases new draft of Special Publication 800-81 on securing DNS

A second draft of the proposed revision of Special Publication 800-81 has been released for public comment. This release incorporates suggestions received on the first draft, released in March, and also includes guidance on migrating to a new cryptographic algorithm for signing a zone, for migrating to NSEC3 hashing specifications to provide authenticated denial of existence response, and a discussion of DNS Security Extensions (DNSSEC) in split view deployments.

The draft is expected to be finalized and published as SP 800-81r1 following the close of the public comment period on Sept. 30. Comments should be sent to SecureDNS@nist.gov

NIST SP 800-81 R1 Round 2 DRAFT Download

Source: NIST releases new draft of Special Publication 800-81 on securing DNS, Government Computer News, William Jackson, Retrieved on Aug 27, 2009 from gcn.com/articles/2009/08/27/dns-security-updates.aspx

Nominum to offer DNS 'blacklist' capability

Nominum plans to announce today a novel DNS security capability that functions like a spam blacklist, providing automated, real-time checking of DNS queries against a list of Web sites that are known to be malicious.

Nominum's Trusted Response and Universal Enforcement (TRUE) architecture is already in use by several ISPs supporting a combined 100 million broadband households. Nominum wouldn't identify these ISPs, but its Web site says its carrier customers include Verizon, Sprint, NTT Communications and other major industry players.

Now Nominum is making its third-generation DNS software that features the TRUE architecture available to corporations and other enterprise customers.

Source: Computer World -computerworld.com/s/article/9136786/Nominum_to_offer_DNS_blacklist_capability