Modify DNSSEC configuration

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To modify DNSSEC configuration

  1. Open Registry Editor.

    Caution

    • Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.

  2. In Registry Editor, navigate to the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

  3. Add the following DWORD entry:

    EnableDnsSec

  4. Do one of the following:

    • To include DNSSEC resource records only in responses to requests for SIG, KEY, or NXT resource records, and to exclude them from all other query responses, assign a value of 0x0.

    • To include the DNSSEC resource records in all query responses (according to RFC 2535), assign a value of 0x2.

    • To include DNSSEC resource records only in cases where the original client query contained the OPT resource record (according to RFC 2671), assign a value of 0x1 or do not create the value at all. The DNS server behaves the same if the value is 0x1 or if the entry does not appear in the registry.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open Registry Editor, click Start, click Run, type regedit, and then click OK.

  • The value of the registry entry EnableDnsSec determines whether the DNS server will include or exclude DNSSEC resource records when it receives queries.
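
The procedure above can also be scripted. The following is an added example, not part of the original Microsoft procedure: it reports the current EnableDnsSec setting and its meaning, and exports the subkey before writing a new value. The function names Get-DnsSecMode and Set-DnsSecMode and the backup file name are hypothetical, and the script assumes Windows PowerShell 2.0 or later is installed on the DNS server and is run with administrative rights.

```powershell
# Added example: read and set EnableDnsSec under the DNS Parameters subkey.
$ParamKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'EnableDnsSec'

# Documented values and the behaviour each one selects.
$Modes = @{
    0 = 'DNSSEC records only in responses to SIG, KEY or NXT queries'
    1 = 'DNSSEC records only when the client query contained an OPT record (RFC 2671)'
    2 = 'DNSSEC records in all query responses (RFC 2535)'
}

function Get-DnsSecMode {
    $item = Get-ItemProperty -Path $ParamKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Entry absent: the server behaves as if the value were 0x1.
        $present = $false; $value = 1
    } else {
        $present = $true;  $value = [int]$item.$ValueName
    }
    if ($Modes.ContainsKey($value)) { $meaning = $Modes[$value] }
    else { $meaning = 'Value not covered by the procedure (expected 0x0, 0x1 or 0x2)' }
    New-Object PSObject -Property @{
        Present = $present; Value = ('0x{0:X}' -f $value); Meaning = $meaning
    }
}

function Set-DnsSecMode {
    param(
        [Parameter(Mandatory = $true)][ValidateRange(0, 2)][int]$Value,
        [string]$BackupDir = $env:TEMP   # assumption: any writable folder will do
    )
    # Export the subkey first so the previous state can be restored with "reg import".
    $backup = Join-Path $BackupDir ('dns-parameters-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters' $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; EnableDnsSec was not changed.' }

    # -Force creates the DWORD entry or overwrites an existing one.
    New-ItemProperty -Path $ParamKey -Name $ValueName -PropertyType DWord -Value $Value -Force |
        Out-Null
    Write-Host "Backup written to $backup"
    Get-DnsSecMode
}

# Report the current setting; uncomment to set the RFC 2671 behaviour explicitly.
Get-DnsSecMode
# Set-DnsSecMode -Value 1
```

Running Get-DnsSecMode on each DNS server gives a quick audit of which servers deviate from the default behaviour.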

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Using DNS Security Extensions (DNSSEC)
DNS RFCs