This is a work in progress and not a release. We're looking for volunteers. See Issues to know how to collaborate.

DNS and Domain Registration

tag: [Engineer/Developer, Security Specialist, Operations & Strategy]

DNS (Domain Name System) is the backbone of the internet, translating domain names into IP addresses. Choosing a secure and trusted Domain Registrar is important, as if someone is able to obtain access to your domain registrar they could change DNS servers and more.

DNS Security

  1. Implement DNSSEC to digitally sign DNS records, ensuring data integrity and authenticity.
  2. Evaluate and choose DNS hosting providers based on their performance, security, and reliability.

Domain Registrar Security

  1. Select a registrar with a strong security posture and a history of reliability.
  2. Follow best practices for securing your domain registrar account, including strong authentication methods.
  3. Enable domain transfer locks and two-factor authentication to prevent unauthorized domain transfers.
  4. Use WHOIS privacy services to protect your domain registration information from public exposure.
  5. Implement processes to ensure your domains do not inadvertently expire, potentially causing disruptions.

DNS Monitoring and Incident Response

  1. Create alerts to be notified of DNS route changes and ensure those changes are expected and authorized.
  2. Develop an incident response plan specific to DNS and Domain Registrar security breaches, including steps for investigation and mitigation.