KINDNS is an ICANN initiative to promote voluntary security best practices for authoritative and recursive DNS operators.

DNS itself and all the security measures that support its operation are based on open standards. As is typically the case with security in general, getting all DNS operators and others in the DNS ecosystem to implement security features at the same level has been challenging. Smaller operators struggle to follow the continuous evolution of security measures, while large operators may choose and implement only the measures that are most helpful to their business goals. Meanwhile, this patchwork of varying security levels leads to vulnerabilities that malicious actors leverage for their attacks. KINDNS aims to identify sets of simple and straightforward measures that DNS operators can implement in order to mitigate those exploits.

To develop a baseline level of security, the KINDNS team worked closely with the DNS technical community to identify and document, in the form of guidelines, a small set of mutually agreed norms that operators of any size can easily implement. These norms support a secure DNS ecosystem. After improving the guidelines, receiving community feedback on them, and implementing them in test situations to further validate them, we published the initial version of KINDNS in September 2022.

Currently, the KINDNS team has three areas of focus:

  • Actively promoting adoption by the operator community. That includes translating KINDNS content into additional languages, enrolling sponsors and ambassadors as early supporters, and developing and maintaining an active community to support and evolve the initiative.
  • Soliciting and gathering feedback on the KINDNS guidelines in order to refine them and to identify emerging best practices that may be candidates for future additions to KINDNS.
  • Developing tools for self-assessment against the guidelines and an observatory platform around key DNS security indicators that will help measure and assess the impact of KINDNS.