TL;DR: A broader shift is underway: DNS is being treated as a control layer for availability, security, and trust as certificate lifecycles shorten and automation increases, according to DigiCert and Frost & Sullivan. For identity and security teams, the key issue is governance across resolution, validation, and lifecycle control, not DNS performance alone.
NHIMG editorial — based on content published by DigiCert: DigiCert receives Frost & Sullivan 2026 competitive strategy leadership recognition in the global DNS security industry
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
Questions worth separating out
Q: How should security teams govern DNS when it also controls certificate trust?
A: Treat DNS as part of the trust lifecycle, not just infrastructure.
Q: Why do DNS and PKI integrations create governance risk?
A: They create risk because one control plane can now influence both routing and trust creation.
Q: What breaks when certificate lifecycle actions are handled through DNS automation?
A: What breaks is the assumption that validation is a one-time technical check.
Practitioner guidance
- Map DNS trust dependencies into identity governance Inventory every workflow where DNS changes can trigger certificate issuance, validation, renewal, or revocation.
- Separate approval from execution in DNS-to-PKI flows Require explicit approval for validation and renewal paths that rely on domain control proof.
- Review DNS posture as a trust control, not a network metric Track misconfiguration, policy drift, and record ownership as governance signals.
What's in the full analysis
DigiCert's full article covers the operational detail this post intentionally leaves for the source:
- The report's discussion of unified DNS and PKI architecture for teams that need implementation detail beyond the governance lens.
- The specific role of UltraDNS and Trust Lifecycle Manager in domain control validation and certificate workflows.
- The operational examples behind globally distributed DNS, automated failover, and health-based routing.
- The vendor's explanation of DNS posture management and how it is positioned in the platform.
👉 Read DigiCert's analysis of DNS and PKI convergence for trust governance →
DNS and PKI convergence: what it means for trust controls?
Explore further
DNS and PKI convergence exposes a governance problem, not just an infrastructure optimisation. The article shows that when resolution and certificate validation move into one control plane, trust becomes a lifecycle issue that spans multiple administrative domains. That matters because identity governance breaks when the organisation assumes each layer can be managed independently. Practitioners should treat the merged control plane as a single governed trust surface.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why lifecycle visibility and offboarding discipline matter across machine identity programmes.
A question worth separating out:
Q: How do identity teams decide whether DNS posture management is in scope?
A: DNS posture management is in scope whenever record state can affect trust, access, or validation outcomes. If misconfigurations, delegated access, or automation can alter who receives trusted traffic or certificates, then DNS belongs in governance reviews alongside machine identity and lifecycle controls.
👉 Read our full editorial: DNS and PKI convergence changes how trust is governed