KINDNS best practices and implementation guidelines cover the following five categories of Authoritative Server and Recursive Resolver operators:


Authoritative Server Operators:

  • Critical Zones. For KINDNS purposes, the following are considered critical zones:
    • Zones managed by Top-level Domain (TLD) operators/registries, including TLD zones themselves (e.g., .com, .info, .be) and their subdomains (e.g., co.uk, co.za), and any auxiliary zones necessary to the operation of a ccTLD (e.g., nic.uk, nic.fr, nic.dk)
    • Other delegation-centric zones of national importance for TLDs
    • SLDs tied to critical services such as healthcare and e-governance/citizen and ID services (e.g., mitid.dk)
    • Finance/banking sites
  • Other SLD Zones. This includes all SLD zones except those specifically called out as critical zones.


Recursive Server Operators:

  • Private Resolvers. Private resolvers are not publicly accessible and cannot be reached over the open Internet. They are typically found in corporate networks or other restricted-access networks. In some cases, private resolvers are part of a trusted computing domain (e.g., Active Directory).
  • Shared Private Resolvers. Shared private resolver operators are typically ISPs or similar hosting service providers. They offer DNS resolution services to their customers (mobile, cable/DSL/fiber residential and commercial users, as well as hosted servers and applications). The client or host uses the ISP to access the rest of the Internet.
  • Public Resolvers. This category includes both open and closed public resolvers. Examples of open public resolvers include Cloudflare’s 1.1.1.1, Google’s 8.8.8.8, and Quad9’s 9.9.9.9. Closed public resolvers are typically commercial DNS filtering/scrubbing services, such as DNSFilter and OpenDNS. These service providers are typically not Internet Service Providers, and the clients sending queries to them are located on remote networks. Note that some operators of closed public resolvers may also offer a free-tier service, which also makes them open public resolvers.


