KINDNS is an ICANN initiative to promote voluntary security best practices for authoritative and recursive DNS operators.
DNS itself and all the security measures that support its operation are based on open standards. As is typically the case with security in general, getting all DNS operators and others in the DNS ecosystem to implement security features at the same level has been challenging. Smaller operators struggle to follow the continuous evolution of security measures, while large operators may choose and implement only the measures that are most helpful to their business goals. Meanwhile, this patchwork of varying security levels leads to vulnerabilities that malicious actors leverage for their attacks. KINDNS aims to identify sets of simple and straightforward measures that DNS operators can implement in order to mitigate those exploits.
To develop a baseline level of security, the KINDNS team worked closely with the DNS technical community to identify and document, in the form of guidelines, a small set of mutually agreed norms that operators of any size can easily implement. These norms support a secure DNS ecosystem. After improving the guidelines, receiving community feedback on them, and implementing them in test situations to further validate them, we published the initial version of KINDNS in September 2022.