Answered by:
Is DNSSEC Still Relevant?

Question
-
As part of maintaining security, we are looking into implementing DNSSEC on the LAN side. This would be enabling DNSSEC on our internal Windows DNS servers.
1. All the documentation I see on DNSSEC is very old--2012 era. Is DNSSEC still relevant in today's world? Are people still deploying it?
2. Should DNSSEC even be enabled on a LAN side, or is this more of a WAN DNS technology?
Thank you
Answers
-
Hi Candy,
Thank you for the information.
- At this time I'm not seeing any DNSSEC documentation from Microsoft applicable to Server 2016 or Server 2019.
- I'm only receiving one reply in this thread, which leads me to believe not a lot of people are using this on the LAN side.
- When searching online, I'm only finding DNSSEC documentation for Server 2016 from third parties. I'm not finding any solid third party documentation geared towards Server 2019.
This leads me to believe that this is a dying technology, or has limited applicability. I spoke to my team and I'm recommending we hold off on the deployment at this time and focus on other security initiatives first.
- Marked as answer by Mike_Business Tuesday, November 12, 2019 5:58 PM
All replies
-
Hi ,
DNSSEC can still be used in server 2016.
The following link talking about how to configure DNSSEC in a Windows Server 2016 environment, you could have a look:
Secure DNS Traffic Using DNSSEC and DNS Policies
Step by Step Implementing DNS Security in Windows Server 2016
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com- Proposed as answer by Candy LuoMicrosoft contingent staff Tuesday, November 12, 2019 7:26 AM
-
Hi ,
Just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com -
Hi ,
You could mark the useful reply as answer if you want to end this thread up.
If there is anything else we can do for you, please feel free to post in the forum.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com -
Hi Candy,
Thank you for the information.
- At this time I'm not seeing any DNSSEC documentation from Microsoft applicable to Server 2016 or Server 2019.
- I'm only receiving one reply in this thread, which leads me to believe not a lot of people are using this on the LAN side.
- When searching online, I'm only finding DNSSEC documentation for Server 2016 from third parties. I'm not finding any solid third party documentation geared towards Server 2019.
This leads me to believe that this is a dying technology, or has limited applicability. I spoke to my team and I'm recommending we hold off on the deployment at this time and focus on other security initiatives first.
- Marked as answer by Mike_Business Tuesday, November 12, 2019 5:58 PM
-
Hi ,
Thanks for your sharing as it would be helpful to anyone who has similar concern.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com