Export (0) Print
Expand All

Secure DNS Deployment Guide

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

The Domain Name System (DNS) protocol is particularly vulnerable to attack due to an inherent lack of authentication and integrity checking of data that is exchanged between DNS servers or provided to DNS clients. Successful attacks can be especially disruptive because of the critical role that DNS plays in most networks. Therefore, it is important to evaluate the security of your DNS infrastructure and consider the advantages of deploying security features that are provided for the DNS Server role in Windows Server. This documentation provides guidance for using these security features.

This guide is intended for use by system administrators and system engineers. It provides detailed guidance for configuring and deploying a secure Microsoft DNS infrastructure using Windows Server® 2008 R2. If your organization has deployed a Microsoft DNS infrastructure using an earlier version of Windows Server, you can still use this guide to review the secure DNS settings and infrastructure guidelines that are provided. Some enhancements to Microsoft DNS security, such as DNS Security Extensions (DNSSEC) are only available with Windows Server 2008 R2.

This guide provides steps for the following:

Use the checklists in Implementing a Secure DNS Design to configure your Microsoft DNS infrastructure with recommended security settings.

For a list of terms introduced by DNSSEC, see DNSSEC Terminology.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft