FYI - EO 14144 has the following provision related to encrypting DNS: (c) Encrypting Domain Name System (DNS) traffic in transit is a critical step to protecting both the confidentiality of the information being transmitted to, and the integrity of the communication with, the DNS resolver. (i) Within 90 days of the date of this order, the Secretary of Homeland Security, acting through the Director of CISA, shall publish template contract language requiring that any product that acts as a DNS resolver (whether client or server) for the Federal Government support encrypted DNS and shall recommend that language to the FAR Council. Within 120 days of receiving the recommended language, the FAR Council shall review it, and, as appropriate and consistent with applicable law, the agency members of the FAR Council shall jointly take steps to amend the FAR. (ii) Within 180 days of the date of this order, FCEB agencies shall enable encrypted DNS protocols wherever their existing clients and servers support those protocols. FCEB agencies shall also enable such protocols within 180 days of any additional clients and servers supporting such protocols. ....
2025-01470.pdf<https://public-inspection.federalregister.gov/2025-01470.pdf> Federal Register on 01/17/2025 and available online at Nationality Act of 1952 (8 U.S.C. 1182(f)), and section 301 of https://federalregister.gov/d/2025-01470 EXECUTIVE ORDER U.S.C. 1601 et seq. 14144<https://public-inspection.federalregister.gov/2025-01470.pdf> 6 develop and publish a preliminary update to the SSDF. This update shall include practices, procedures, controls, and implementation examples regarding the public-inspection.federalregister.gov If codified in FAR - then I believe all contractors will be required to encrypt DNS as well. Should be interesting... RW
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
