The Domain Name System (DNS) underpins the very functioning of the Internet and today’s global economy. As a result, the impact of unintentional incidents as well as cyberattacks on the DNS can be significant. This report focuses on DNS security, i.e. the area of cybersecurity that covers incidents disrupting the availability, integrity and confidentiality of parts of the DNS ecosystem. It analyses the roles and vulnerabilities of actors in the DNS ecosystem, highlights common misconceptions, and discusses the role of governments in enhancing DNS security. The report notably underlines that there is no panacea for DNS security and that promising technical solutions often come with trade-offs.