KINDNS: Promoting DNS Operational Best Practices
The Domain Name System (DNS) is one of the internet’s most critical pillars — yet also one of its most vulnerable. At BalticNOG 2025, Ulrich Wisser, Regional Technical Engagement Manager at ICANN, introduced the KINDNS initiative (Knowledge-sharing and Instantiating Norms for DNS and Naming Security), a global effort to help operators strengthen DNS security and reliability.
A Framework for DNS Resilience
KINDNS provides a simple, actionable framework for all DNS operators — from TLD and critical zone operators to public and private resolvers. By joining KINDNS, operators voluntarily commit to implementing best practices and act as “goodwill ambassadors” for the wider community.
For example, authoritative operators are encouraged to:
- Enable DNSSEC and follow key management best practices.
- Separate authoritative and recursive infrastructure.
- Ensure infrastructure diversity across geography, networks, and software.
- Monitor DNS infrastructure continuously.
Resolvers, whether private or public, are expected to deploy protections such as DNSSEC validation, QNAME minimization, and encrypted DNS transport (DoT or DoH). Public resolvers also commit to limiting DNS query data retention and maintaining multiple distinct servers.
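As an added illustration (not from the talk or from KINDNS material), the sketch below checks an Unbound-style resolver configuration for the three resolver protections named above. The mapping from each practice to Unbound options is an assumption of this example, both sample configurations and their file paths are constructed, and only explicitly set options are evaluated (apart from the `module-config` and `tls-port` defaults).

```python
import re

# Constructed sample configs (paths are placeholders, not from the page).
WEAK = """
server:
    interface: 0.0.0.0
    module-config: "iterator"      # validator module removed
    qname-minimisation: no
"""
HARDENED = """
server:
    interface: 0.0.0.0
    interface: 0.0.0.0@853         # DoT listener
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    qname-minimisation: yes
    tls-service-key: "/etc/unbound/tls/resolver.key"
    tls-service-pem: "/etc/unbound/tls/resolver.pem"
"""
TRUST_ANCHORS = ("auto-trust-anchor-file", "trust-anchor-file", "trust-anchor")

def parse_conf(text):
    """Return {option: [values]} from 'key: value' lines, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if m and m.group(2):  # clause headers such as 'server:' have no value
            opts.setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return opts

def audit(text):
    """Map each resolver practice to True/False for the given config text."""
    o = parse_conf(text)
    last = lambda key, default="": o.get(key, [default])[-1]
    modules = last("module-config", "validator iterator").split()
    tls_port = last("tls-port", "853")
    has_cert = "tls-service-key" in o and "tls-service-pem" in o
    listens = any(i.endswith("@" + tls_port) for i in o.get("interface", []))
    return {
        # Validation needs the validator module and a configured trust anchor.
        "dnssec_validation": "validator" in modules
                             and any(k in o for k in TRUST_ANCHORS),
        "qname_minimisation": last("qname-minimisation") == "yes",
        # DoT: certificate material plus a listener on the TLS port.
        "encrypted_transport": has_cert and listens,
    }

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```

A `False` result means the setting was not found explicitly in the file, so it is a prompt to inspect the running resolver rather than proof that the protection is off.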
Adoption and Impact
Ulrich highlighted encouraging data from KINDNS’s global self-assessments. While most operators implement DNSSEC validation and infrastructure monitoring, fewer have fully deployed DNS-over-TLS or DNS-over-HTTPS. For example, only 46% of public resolver operators reported enabling encrypted DNS transport.
Operators are also using KINDNS assessments internally — nearly 40% said they leverage the results to convince their organizations to adopt stronger practices.
The Road Ahead
KINDNS is evolving, with discussions on adding response rate limiting (RRL) for authoritative servers, improving IPv6 reachability, and enhancing the role of community steering groups in shaping future standards.
Ulrich’s message is clear: improving DNS operations is a shared responsibility. KINDNS offers the practical guidance and community collaboration needed to secure the DNS ecosystem — one operator at a time.