The U.S. National Institute for Standards and Technology (NIST) has released Special Publication 800-81r1, the “Secure Domain Name System (DNS) Deployment Guide”. This Special Publication (SP) is a revision of the original SP 800-81 issued in May 2006. This revision incorporates the following changes:
(1) Guidelines on procedures for migrating to a new cryptographic algorithm for signing of the zone (Section 11.5).
(2) Guidelines on procedures for migrating to NSEC3 specifications from NSEC for providing authenticated denial of existence (Section 11.6).
(3) Deployment guidelines for split-zone under different scenarios (Section 11.7).
The guide is available on the NIST Computer Security Resource Center website. Supplemental material, including mappings for application-specific NIST SP 800-81r1 checklist items, is available on the NIST SNIP project website.