The National Institute of Standards and Technology (NIST) has drafted another revision of the document “Secure Domain Name System (DNS) Deployment Guide" (SP 800-81). This revision addresses all the comments and feedback received for the first revision through public comments in March 2009, in addition to adding 3 more subsections described below. After addressing the public comments received in this round, it will be published as NIST SP 800-81r1. Federal agencies and private organizations as well as individuals are invited to review this draft and submit comments to NIST by sending them to SecureDNS@nist.gov before September 30, 2009. Comments will be reviewed and posted on the CSRC website. All comments will be analyzed, consolidated, and used in revising the draft Guidelines before final publication. A brief description of the 3 new subsections is given below:

What is New in this revision leading to SP 800-81r1:

(1) Guidelines on Procedures for migrating to a new Cryptographic Algorithm for signing of the Zone (Section 11.5).

(2) Guidelines for Procedures for migrating to NSEC3 specifications from NSEC for providing authenticated denial of existence (Section 11.6).

(3) Deployment Guidelines for Split-Zone under different scenarios (Section 11.7).

You can download the NIST Draft SP 800-81 Rev. 1 here.

SOURCE: National Institute of Standards and Technology