TL;DR: A broader shift is underway: DNS is being treated as a control layer for availability, security, and trust as certificate lifecycles shorten and automation increases, according to DigiCert and Frost & Sullivan. For identity and security teams, the key issue is governance across resolution, validation, and lifecycle control, not DNS performance alone.
NHIMG editorial — based on content published by DigiCert: DigiCert receives Frost & Sullivan 2026 competitive strategy leadership recognition in the global DNS security industry
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
Questions worth separating out
Q: How should security teams govern DNS when it also controls certificate trust?
A: Treat DNS as part of the trust lifecycle, not just infrastructure.
Q: Why do DNS and PKI integrations create governance risk?
A: They create risk because one control plane can now influence both routing and trust creation.
Q: What breaks when certificate lifecycle actions are handled through DNS automation?
A: What breaks is the assumption that validation is a one-time technical check.
Practitioner guidance
- Map DNS trust dependencies into identity governance. Inventory every workflow where DNS changes can trigger certificate issuance, validation, renewal, or revocation.
- Separate approval from execution in DNS-to-PKI flows. Require explicit approval for validation and renewal paths that rely on domain control proof.
- Review DNS posture as a trust control, not a network metric. Track misconfiguration, policy drift, and record ownership as governance signals.
What's in the full analysis
DigiCert's full article covers the operational detail this post intentionally leaves for the source:
- The report's discussion of unified DNS and PKI architecture for teams that need implementation detail beyond the governance lens.
- The specific role of UltraDNS and Trust Lifecycle Manager in domain control validation and certificate workflows.
- The operational examples behind globally distributed DNS, automated failover, and health-based routing.
- The vendor's explanation of DNS posture management and how it is positioned in the platform.