DNS Security Review

A structured, repeatable process for evaluating DNS security posture against NIST SP 800-81 Rev 2 (Secure Domain Name System Deployment Guide) and CIS Controls v8 Control 9.2 (Use DNS Filtering Services). This skill covers DNSSEC deployment, encrypted DNS transport, Response Policy Zones, DNS exfiltration detection, and protective DNS services. All findings are mapped to framework controls with severity ratings and actionable remediation.

When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

• DNS infrastructure security review as part of network security assessment.
• DNSSEC deployment readiness evaluation or post-deployment validation.
• Investigation of suspected DNS-based data exfiltration or command-and-control.
• Compliance audits requiring NIST SP 800-81 alignment.
• Protective DNS service evaluation or deployment planning.
• Incident response when DNS tunneling is suspected.