Server 2012 R2 DNSSEC with External Registrar?

    Question

  • I would like to deploy a standalone (non Active Directory) Microsoft 2012 R2 DNS server using a DNSSEC signed zone for our external domain name. When we used DNSSEC with bind and GoDaddy, I set a longer than average key expiration and then uploaded the DS key to GoDaddy (see here: http://support.godaddy.com/help/article/6115/managing-dnssec-for-your-domain-name).

    I have a couple of questions:

    1) When walking through the DNSSEC wizard, if I wanted to set the interval before refreshing the key with GoDaddy to 2 years, which option would I set?

    2) When the zone is signed, there are what look like dozens of new records added, which of these is the key I'd upload to GoDaddy?

    Wednesday, August 20, 2014 4:28 PM

Answers

  • Thank you Steven. 

    I found the answer for #2. You have to upload the two keys in %systemroot%\system32\dns\dsset-yourdomain.ext

    http://technet.microsoft.com/en-us/library/jj200221.aspx
    http://technet.microsoft.com/en-us/library/dn593672.aspx

    Thursday, August 21, 2014 2:21 PM
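Before the DS records from the dsset file go into the registrar's form, each one can be checked against the zone's key signing key by recomputing the key tag and digest as RFC 4034 defines them. The Python below is an added example, not code from the thread or from Microsoft; the zone name `example.test.`, the sample key and the sample dsset text are constructed, and it assumes the dsset file holds DS records in standard zone-file presentation format.

```python
import base64
import hashlib

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types
# Constructed sample KSK (not a real key): owner, flags, protocol, algorithm, key
KSK = ("example.test.", 257, 3, 8, base64.b64encode(bytes(range(64))).decode())

def wire_name(name):
    """Owner name in canonical (lowercase) DNS wire format."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags | protocol | algorithm | public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata, digest_type):
    """(key tag, hex digest) that a DS record for this DNSKEY must carry."""
    return key_tag(rdata), DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()

def parse_dsset(text):
    """Yield (owner, key_tag, algorithm, digest_type, digest_hex) for each DS line."""
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if "DS" in fields[1:]:
            i = fields.index("DS", 1)
            tag, alg, dtype = (int(x) for x in fields[i + 1:i + 4])
            yield fields[0], tag, alg, dtype, "".join(fields[i + 4:]).upper()

def check_dsset(text, owner, flags, protocol, algorithm, pubkey_b64):
    """One boolean per DS line: does it match the DNSKEY the zone publishes?"""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    results = []
    for name, tag, alg, dtype, digest in parse_dsset(text):
        expected = make_ds(owner, rdata, dtype) if dtype in DIGESTS else None
        ok = wire_name(name) == wire_name(owner) and alg == algorithm
        results.append(ok and expected == (tag, digest))
    return results

def sample_dsset():
    """Constructed dsset text: a SHA-1 and a SHA-256 DS for the sample KSK."""
    rdata = dnskey_rdata(*KSK[1:])
    rows = [(d,) + make_ds(KSK[0], rdata, d) for d in (1, 2)]
    return "\n".join(f"{KSK[0]}\tIN\tDS\t{tag} {KSK[3]} {d} {dig}" for d, tag, dig in rows)
```

Pass `check_dsset` the text of the dsset file and the KSK's DNSKEY fields as published in the signed zone; any `False` entry is a DS record that should not be submitted to the registrar.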

All replies

  • Hi,

    1) Key expiration and replacement in DNSSEC is called key rollover. Choose Customize zone signing parameters when launching the DNSSEC wizard. We can set the rollover frequency in Key Signing Key.

    2) When you sign a zone with DNSSEC, you are individually signing all the records contained in the zone. This makes it possible to add, modify, or delete records in the zone without re-signing the entire zone. It is only necessary to re-sign the updated records.

    For detailed information about DNSSEC, please refer to the link below,

    Step-by-Step: Demonstrate DNSSEC in a Test Lab

    http://technet.microsoft.com/en-us/library/hh831411.aspx

    Best Regards.



    Steven Lee

    TechNet Community Support

    Thursday, August 21, 2014 1:23 PM
    Moderator
  • Hi,

    Glad to hear the issue has been resolved and thanks for sharing!

    Best Regards.



    Steven Lee

    TechNet Community Support

    Monday, August 25, 2014 12:46 PM
    Moderator