As a vital infrastructure of the Internet, DNS provides name resolution services for Internet applications. Major Internet incidents in recent years indicate that DNS is facing serious security threats. The vulnerability of DNS can be divided into three categories:protocol design vulnerability, technology implementation vulnerability, and architecture vulnerability. In view of the above vulnerabilities, the latest research achievements on DNS security enhancement are summarized which include protocol design, system implementation, DNS monitoring and DNS decentralization. Some possible future research hotspots and challenges are also discussed.