• Hello Everyone,

    I am looking for some feedback on implementing DNSSEC in our organization for client DNS lookup.

    To date, we have about 400 PCs that run Windows 7 Professional SP1, various Windows server 2003 at different SP levels, Windows server 2008 and Windows server 2008 R2.  We have 3 domain controllers running Windows Server 2008 R2.  All of our machines queries the domain controllers for DNS, which we then use Public DNS (Google).

    Due to a recent mandate for the higher ups, I need to ensure that the client PC’s use DNSSEC when doing web browser and would not connect if there is a problem. 

    I am looking for how I can easily accomplish this in my existing setup with the least amount of work possible.  Is there such a Way to do this in Windows 2008 R2? Also do I need to modify the Name Resolution Policy to have the clients focus their attention to DNSSEC?

    Also, do you think it would be easier to go to windows server 2012 R2 and accomplish this knowing that the DNS GUI easily supports this?

    Also, on Windows 2008, it was suggested to me from someone that i execute the command "dnscmd /config /EnableEDnsProbes 0". The perosn claimed this would turn DDNSSEC on.  I have doubts that this will work judging by how Microsoft describes this command. Is this the holy grail command? 


    Please let me know what you think.

    Thank you

    • Edited by Root89 Friday, January 24, 2014 6:20 PM
    Friday, January 24, 2014 6:18 PM


All replies