none
DNSSEC- Windows 2003 Server

    Question

  • We have a small corporate network, internal clinets recieve DNS via our two DCs, which both run DNS and use the root DNS serers to answer DNS queries.  DO i need to make any changes with the upcoming DNSSEC being implmented?  I couldnt find anything that directly answered that Q.  I am not hosting any external websites.
    Friday, April 30, 2010 7:37 PM

Answers

  • Hi,

    Thanks for the post.

    Windows Server 2003 DNS provides basic support of the DNS Security Extensions (DNSSEC) protocol as defined in RFC 2535. The current feature support allows DNS servers to perform as secondary DNS servers for existing DNSSEC-compliant, secure zones. DNS supports the storing and loading of the DNSSEC-specific resource records (RRs). Currently, a DNS server is not capable of signing zones and resource records (creating cryptographic digital signatures) or validating the SIG RRs. The DNSSEC resource records are KEY, SIG, and NXT.

    You could refer to the following article to configure DNSSEC on Windows Server 2003.

    http://technet.microsoft.com/en-us/library/cc784518(WS.10).aspx

    Just for your information, Windows Server 2008 R2 DNS provides better support of the DNS Security Extensions (DNSSEC) protocol. You could check the following article:

    http://technet.microsoft.com/sv-se/library/ee649178(WS.10).aspx

    Hope this helps.

     

     

    Monday, May 3, 2010 7:48 AM
    Moderator

All replies

  • Hi,

    Thanks for the post.

    Windows Server 2003 DNS provides basic support of the DNS Security Extensions (DNSSEC) protocol as defined in RFC 2535. The current feature support allows DNS servers to perform as secondary DNS servers for existing DNSSEC-compliant, secure zones. DNS supports the storing and loading of the DNSSEC-specific resource records (RRs). Currently, a DNS server is not capable of signing zones and resource records (creating cryptographic digital signatures) or validating the SIG RRs. The DNSSEC resource records are KEY, SIG, and NXT.

    You could refer to the following article to configure DNSSEC on Windows Server 2003.

    http://technet.microsoft.com/en-us/library/cc784518(WS.10).aspx

    Just for your information, Windows Server 2008 R2 DNS provides better support of the DNS Security Extensions (DNSSEC) protocol. You could check the following article:

    http://technet.microsoft.com/sv-se/library/ee649178(WS.10).aspx

    Hope this helps.

     

     

    Monday, May 3, 2010 7:48 AM
    Moderator
  • Hi,

     

    I just want to check if the information provided was helpful. If there is any update on this issue, please feel free to let me know.

     

    We are looking forward to your reply.

    Thursday, May 6, 2010 5:39 AM
    Moderator