Guidelines

These guidelines apply to you if you run one or many top-level domains (TLDs) or other critical zones. These include: TLD operators/registries, including TLD zones themselves (e.g., .com, .info, .be) and their subdomains (e.g., co.uk, co.za), and any auxiliary zones necessary to the operation of a ccTLD (e.g., nic.uk, nic.fr, nic.dk), delegation-centric zones of national importance for TLDs, SLDs tied to critical services such as healthcare and e-governance/citizen and ID services (e.g., mitid.dk), Zones for finance/banking domain names.

The guidelines are not comprehensive, but they can help get you started on implementing KINDNS practices.

These guidelines apply to you if you run an authoritative server for SLD zones except those specifically called out as critical. If as SLD owner (registrant) you are not running your own DNS servers, we encourage you to check with your providers which are the practices they have implemented on their platform.

The guidelines are not comprehensive, but they can help get you started on implementing KINDNS practices.

These guidelines apply to you if you run private resolvers. Private resolvers are not publicly accessible and cannot be reached over the open internet. They are typically found in corporate networks or other restricted-access networks. Private resolvers in some cases are part of a trusted computing domain (e.g., Active Directory).

The guidelines are not comprehensive, but they can help get you started on implementing KINDNS practices.

These guidelines apply to you if you run a shared private resolver. These are typically run by ISPs or similar hosting service providers. They offer DNS resolution services to their customers.

The guidelines are not comprehensive, but they can help get you started on implementing KINDNS practices.

These guidelines apply to you if you run one or more open or closed public resolvers. As public Resolver providers you typically allow users from remote networks to send their queries to your resolvers. If you are a closed public resolvers operator and also offer a free tier service to your customer you then also fit in the open public resolvers category.

The guidelines are not comprehensive, but they can help get you started on implementing KINDNS practices.

These guidelines apply to all DNS operators and help them run their DNS services on top of a robust and secure system.

The guidelines are not comprehensive nor do they cover all types of infrastructure, but they can help get you started on hardening the security of your systems.