Checklist: Re-sign a Zone File

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

This topic applies to DNSSEC in Windows Server 2008 R2. DNSSEC support is greatly enhanced in Windows Server 2012. For more information, see DNSSEC in Windows Server 2012.

This checklist provides links to important procedures you can use to re-sign a zone file.

If you re-sign a zone using the same parameters that you used previously, the validity period is automatically extended. To shorten the validity period and force key rollover, change the ValidTo date.

When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.

Checklist Checklist: Re-sign a Zone File


  Task Reference

Review requirements to determine whether or not to generate new key pairs.

Conceptual topic When to Re-sign a Zone File


Generate new key pairs for key rollover.

Checklist topic Generate Key Pairs


Back up the private keys.

Checklist topic Back Up Private Keys


Sign the zone file.

Checklist topic Sign a Zone File


Reload the signed zone file.

Checklist topic Reload a Zone File

See Also

Community Additions