The Center for Cybersecurity Policy & Law hosted a policy roundtable on Domain Name System (DNS) security at the RSA Conference 2025 in San Francisco. The event brought together senior government officials from 14 countries—representing 16 agencies from the United States, Asia Pacific, and Europe – alongside cybersecurity leaders, infrastructure operators, and technical experts – to discuss DNS: a critical yet often underappreciated layer of internet defense.

Chaired by Ari Schwartz and me, the roundtable sought to translate complex technical insights into clear, actionable takeaways and recommendations for international policymakers. Participants examined how protective DNS, Domain Name System Security Extensions (DNSSEC), and encrypted transports can be scaled across government and industry, aligning with both National Institute of Standards and Technology Special Publication 800‑81 guidance and regional policy frameworks.

Kicking off the discussion, Scott Harrell, CEO of Infoblox, emphasized the strategic imperative of DNS security. He noted the importance of elevating it as a core part of cyber risk management. Participants agreed that the DNS layer is overlooked in enterprise defenses, even though it can intercept a vast majority of malware before it impacts users.

With DNS abuse underpinning phishing, ransomware, and data theft, Protective DNS services are gaining traction, but adoption is inconsistent. Harrell underscored the need for better integration of DNS protections into security architectures and incident response planning, especially in cloud‑based and hybrid environments.

Threat Landscape: A View from the Pacific and Beyond

Participants shared threat intelligence pointing to evolving tactics in DNS exploitation, from fast‑flux botnets to lookalike domain campaigns – with the rise of large scam centers in Association of Southeast Asian Nations (ASEAN) countries a top concern.

A representative from the Pacific Islands offered a regional view: the threats they face are not theoretical — there has been an increase in DNS enabled ransomware attacks. They directly impact essential services, public trust, and sovereignty in digitally dependent yet infrastructure‑limited environments. This underscored a key takeaway: DNS security is not just a technical issue — it’s a national resilience issue, particularly for small states and remote communities that depend on cloud services and outsourced DNS infrastructure.

DNS Frameworks and in Policy

A robust policy discussion examined how international frameworks are advancing DNS security. Panelists explored the EU’s NIS2 Directive, as well as the newly released NIST SP 800‑81 Revision 3 (Initial Public Draft), titled Secure Domain Name System (DNS) Deployment Guide (published April 10, 2025; public comments due May 26, 2025).

Key highlights of the NIST draft include:

• DNS as a Zero Trust Policy Enforcement Point (PEP): SP 800‑81 Rev 3 recommends leveraging DNS to enforce access decisions—using query behavior as an input to Zero Trust engines, and selectively blocking or redirecting requests that violate policy.
• Authoritative DNS Integrity with DNSSEC: Guidance on signing zone data to guarantee authenticity. The draft provides best practices for key management, algorithm selection, and monitoring for misconfigurations.
• Recursive DNS Confidentiality and Privacy: Recommendations to deploy encrypted DNS transports (DoT, DoH) to protect client queries from eavesdropping, along with guidance on logging and telemetry that balance visibility with privacy.
• Protective DNS as a Network Defense Layer: Techniques for integrating threat intelligence feeds, automated blocklists, and real‑time anomaly detection to stop malicious domains before resolution.

During the roundtable’s working segment, industry panelists and government reps shared views on:

• Whole‑of‑Government Protective DNS: Several national governments already operate enterprise‑scale PDNS services. PDNS provides centralized block‑lists and telemetry across all government agencies, demonstrating the scalability and uniform protection of a unified resolver platform.
• Regional PDNS Collaboratives: In addition to national programs, there’s growing interest in cross‑border PDNS solutions — especially among Pacific Islands and ASEAN partners — where shared regional resolvers can pool threat intelligence and lower per‑user costs.

Cross‑Border Cooperation and Enforcement

Participants then turned to the thorny issues of domain takedowns, threat‑indicator sharing, and mutual legal assistance. Discussion points included:

• Jurisdictional challenges when registrars fail to honor abuse requests.
• Building trust‑based registrant relationships via enhanced ICANN abuse contacts and multilateral enforcement forums.
• Coordinating unstoppable hosting takedowns to close safe havens for DNS‑based malware infrastructure.

There was strong support for exploring collaboration on these issues.

Takeaways and Next Steps

As the session wrapped, takeaways emerged:

1. Recognize DNS as Critical to National Resilience: DNS is no longer just a technical protocol—it is a pillar of national resilience. For digitally dependent societies, especially small states and remote regions, DNS protection is essential to safeguarding sovereignty, public services, and trust in the digital economy.
2. Embed DNS in Risk Frameworks: Elevate DNS protection in national strategies and national frameworks.
3. Harmonize Standards: Align NIST SP 800‑81 Rev 3 with NIS2 requirements and work towards a global common baseline.
4. Scale Through Collaboration: Invest in workforce development, registrar partnerships, and regional programs — especially for resource‑constrained Pacific and ASEAN partners.

‍