Export (0) Print
Expand All

Checklist: Implementing DNSSEC

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

TipTip
This topic applies to DNSSEC in Windows Server 2008 R2. DNSSEC support is greatly enhanced in Windows Server 2012. For more information, see DNSSEC in Windows Server 2012.

This checklist provides links to important concepts and procedures you can use to implement DNSSEC. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. Verify that your DNS infrastructure is operating as expected after performing each procedure.

noteNote
When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.

Checklist Checklist: Implementing DNSSEC

 

  Task Reference
Checkbox

Review key concepts for DNSSEC.

Conceptual topic Introduction to DNSSEC

Conceptual topic Understanding DNSSEC in Windows

Checkbox

Review deployment staging recommendations, hardware and software requirements, and key management considerations for DNSSEC.

Upgrade or deploy DNS servers running Windows Server® 2008 R2 as required, and verify your DNS infrastructure is performing as expected.

Conceptual topic DNSSEC Deployment Planning

Checkbox

Review zone signing requirements, choose a key rollover mechanism, and identify the secure computers and DNSSEC protected zones for your staged deployment.

Checklist topic Checklist: Preparing to Deploy DNSSEC

Checkbox

Generate and back up keys, then sign and reload the DNSSEC protected zone.

Verify that your DNS infrastructure is performing as expected before proceeding to the next step.

Checklist topic Checklist: Signing a Zone

Checkbox

Distribute trust anchors to all non-authoritative DNS servers that will perform DNSSEC validation of data from the signed zone.

Verify that your DNS infrastructure is performing as expected before proceeding to the next step.

Checklist topic Checklist: Configuring and Distributing Trust Anchors

Checkbox

Deploy certificates and IPsec policy to your DNS servers.

Verify that your DNS infrastructure is performing as expected before proceeding to the next step.

Checklist topic Checklist: Configuring IPsec Policy on the DNS Server

Checkbox

Configure Name Resolution Policy Table (NRPT) settings and deploy IPsec policy to client computers.

Verify that your DNS infrastructure is performing as expected before proceeding to the next stage of your DNSSEC deployment plan.

Checklist topic Checklist: Deploying DNSSEC and IPsec on the DNS client

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft