Assessing Resilience in Authoritative DNS Infrastructure Supporting Government Services

Online government services are increasingly regarded as critical national infrastructure. Because these services directly influence public trust, any disruption can have significant societal and political consequences. Yet their supporting infrastructures remain vulnerable to outages from natural disasters, geopolitical tensions, and targeted attacks. Central to their operation is the authoritative Domain Name System (DNS) infrastructure, the single source of truth that maps government domain names to service endpoints. While indispensable, this infrastructure also represents a potential and critical point of system failure. In this paper, we introduce a comprehensive assessment framework with purpose-designed mechanisms to systematically evaluate the operational resilience of authoritative DNS infrastructure supporting government services. Complementing prior studies on website hosting, recursive resolution, and DNS record integrity, our work provides a holistic view of authoritative DNS operation. Our first contribution develops a multi-sourced data schema that characterizes a (government) domain's authoritative DNS infrastructure across four hierarchical levels: physical hosting infrastructure, server functionality, name servers, and individual hosting instances. Using data collected from six representative countries, our second contribution identifies resilience attributes at their finest applicable hierarchy across three operational phases: infrastructure placement, service configuration, and DNS record dispatch. Our method assigns numerical scores to each attribute and aggregates them algorithmically to enable consistent and cross-domain comparisons. We apply our method to government domains in the six countries, highlighting their strengths and weaknesses in authoritative DNS resilience and pinpointing operational practices that require improvement.