A practical checklist to keep your DNS configuration safe and clean.
Disable wildcard DNS unless you truly need it.
Use CAA to restrict certificate issuance.
Keep nameservers consistent and disable recursion on authoritative NS.
Enable DNSSEC if your registrar and DNS provider support it.