For a long time, the cybersecurity world couldn’t quite agree on what DNS security actually meant. Was it just Domain Name System Security Extensions (DNSSEC)? Was it about stopping distributed denial-of-service (DDoS) attacks? Or was it using DNS as a cyber security control to block malware, commonly known as Protective DNS? The result was confusion, fragmented approaches and missed opportunities. But with the National Institute of Standards and Technology’s (NIST) updated Special Publication (SP) 800-81 Secure Domain Name System (DNS) Deployment Guide [1] and the European Union’s NIS2 Directive [2] reinforcing its themes, the industry finally has a more complete—and practical—definition to work with.
In the original NIST publication, DNS security was often equated solely with DNSSEC. It still matters today, but it’s only part of the picture. What’s changed? A lot. From encrypted DNS standards to smarter threat intelligence, the landscape has shifted. Meanwhile, attackers have taken full advantage of the gaps, targeting poorly managed DNS systems and hijacking domains to fuel phishing campaigns.
Even with Protective DNS gaining traction in government circles, many vendors downplayed its importance—misleadingly defining DNS security as just another checkbox or a firewall feature. In frameworks like SASE and Zero Trust, DNS was often overlooked. And under tight budgets, many organizations didn’t see it as a top priority. But ignoring DNS security has real consequences—and real missed opportunities.
That’s changing. As highlighted in Rik Turner’s recent analysis [3], while some in the industry have shifted toward platform consolidation, NIST SP 800-81 introduces a more complete vision of secure DNS deployments and best practices. It centers on three pillars: protecting DNS infrastructure, ensuring DNS integrity and adopting Protective DNS as a proactive control. The first is protecting the DNS infrastructure itself. As a critical component of IT infrastructure, DNS should be deployed in a highly resilient architecture on purpose-built platforms that can withstand threats such as DDoS attacks. The second is protecting the integrity of the DNS system. Threat actors have proven successful at hijacking misconfigured domains as well as poisoning DNS caches to redirect users to fraudulent domains. Finally, there is the deployment of DNS as a cybersecurity control, often referred to as Protective DNS. This is where a DNS platform applies policy, often based on DNS threat intelligence, that blocks requests to known malicious sites. This is a modern, practical blueprint that spans cyber resilience and threat mitigation. You can read more in our whitepaper here.
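To make the third pillar concrete, here is a small Protective DNS policy check as an added illustration; it is not code from NIST SP 800-81, Infoblox, or any resolver product. It models what "applying policy based on DNS threat intelligence" means at the resolver: every query name is normalized, compared against an allow list and a threat-intel feed (matching the name and every parent zone, so a flagged domain blocks its whole subtree), and a blocked name receives a sinkhole answer while the decision is logged for the SOC. The feed entries, the allow-list name and the sinkhole address are constructed sample values.

```python
"""Minimal Protective DNS policy engine (added example, not NIST or vendor code).

Demonstrates the resolver-side control described in NIST SP 800-81's third
pillar: consult threat intelligence before answering and block (sinkhole)
names that match policy. All indicators here are constructed sample data.
"""
import logging
from dataclasses import dataclass
from typing import Iterator, Optional

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("pdns")

# Constructed threat-intel feed: domain -> category. A real deployment pulls
# this from a vendor, ISAC or government Protective DNS feed.
THREAT_INTEL = {
    "malware-c2.example": "malware",
    "login-update.example": "phishing",
}
# Explicit allow list wins over intel so a bad feed entry cannot take down a
# business-critical zone (constructed name).
ALLOW_LIST = {"intranet.corp.example"}
# RFC 5737 documentation address standing in for a real sinkhole target.
SINKHOLE_IP = "192.0.2.1"


@dataclass(frozen=True)
class Decision:
    name: str
    action: str               # "allow" or "block"
    matched: Optional[str]    # allow-list or intel entry that matched
    category: Optional[str]   # intel category when blocked


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so policy matching is case-insensitive."""
    return name.strip().rstrip(".").lower()


def parent_zones(name: str) -> Iterator[str]:
    """Yield the name and each parent zone: a.b.example -> a.b.example, b.example, example."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def evaluate(qname: str) -> Decision:
    """Apply allow-list first, then threat intel, walking up the parent zones."""
    name = normalize(qname)
    for zone in parent_zones(name):
        if zone in ALLOW_LIST:
            return Decision(name, "allow", zone, None)
    for zone in parent_zones(name):
        category = THREAT_INTEL.get(zone)
        if category:
            # A hit on any parent zone blocks the subtree; attackers rotate
            # subdomains far faster than feeds can enumerate them.
            return Decision(name, "block", zone, category)
    return Decision(name, "allow", None, None)


def answer(qname: str, qtype: str = "A") -> dict:
    """Produce the policy outcome a resolver would act on for one query."""
    decision = evaluate(qname)
    if decision.action == "block":
        log.info("BLOCK %s type=%s matched=%s category=%s",
                 decision.name, qtype, decision.matched, decision.category)
        # Sinkholing (rather than NXDOMAIN) lets the follow-on connection be
        # observed, which is useful for incident response.
        return {"rcode": "NOERROR", "answer": SINKHOLE_IP,
                "policy": "sinkhole", "matched": decision.matched}
    log.info("ALLOW %s type=%s", decision.name, qtype)
    return {"rcode": "FORWARD", "answer": None, "policy": None, "matched": None}


if __name__ == "__main__":
    for q in ("cdn.malware-c2.example", "LOGIN-UPDATE.example.", "intranet.corp.example", "www.example.org"):
        print(q, "->", answer(q))
```

The design choice worth noting is the ordering: allow list before intel, and parent-zone matching for both. Returning a sinkhole address instead of NXDOMAIN is one of two common Protective DNS responses; either is acceptable, but the sinkhole variant gives detection teams a network signal to correlate with the DNS log line.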
Infoblox Threat Intel continues to track adversaries who exploit DNS in increasingly creative ways—whether it’s hijacking legitimate domains or using lookalike URLs to run convincing phishing campaigns. As more governments adopt Protective DNS and security teams look to strengthen their defenses, one thing is clear: DNS security isn’t optional anymore. It’s foundational.
Footnotes
- NIST Special Publication 800-81 Secure Domain Name System (DNS) Deployment Guide, Rose, Scott, Liu, Cricket, Gibson, Ross, National Institute of Standards and Technology (NIST), April 2025.
- NIS2 Directive Technical Implementation Guidance, European Union Agency for Cybersecurity (ENISA), June 2025.
- Tighter DNS security requirements present opportunities for Infoblox, Turner, Rik, Omdia, June 20, 2025.