none
should I use DNSSEC? RRS feed

  • Question

  • Hello

    There is internal and external dns servers in our environment. (ADI zones). 

    1- If I understand correctly, nowadays DNSSEC isn't worth using it -- more problems than benefits. Right?

    2- If you suggest to use it, could it cause any problems?

    3- could it be enabled just on external DNS servers? is it recommended?

    4- why no one is using it?

    thanks in advance


    Wednesday, October 2, 2019 2:43 PM

All replies

  • Hi Ghasem,

     

    Thanks for posting in the forum.

     

    DNSSEC provides a security enhancement for the domain name system. It is an authentication mechanisms for domain name source identity, integrity, and whether it has been tampered with during transmission.

     

    At the same time, although DNSSEC provides trusted secure DNS communication, it is not fully supported by the entire domain name system. The main reason is that the domain name system is too large. From root to TLD to subdomain, there is no guarantee that all nodes will support it.

     

    Please refer to the following link to decide whether you need to configure DNSSEC:

    https://dyn.com/blog/is-dnssec-adoption-worth-it-for-enterprises/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. 

    If you want to configure it, In addition to enabling this feature on the external DNS, you need to import the external DNSKEY into the internal DNS. Then create a policy to ask the DNS client to check if domain name and IP address has been verified by the internal DNS server.

    Hope above information can help you.

     

    Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.

     

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Thursday, October 3, 2019 8:57 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

     

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, October 10, 2019 2:20 AM
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back


    Best Regards,
    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, October 14, 2019 7:15 AM
  • thanks for your reply dear

    but some of my questions remained unanswered.

    Wednesday, October 16, 2019 4:52 PM
  • Hi,

    Sorry for my delay. I'm in a vacation recently.

    How are things going on? 

    If you have any questions or concern, please feel free to let me know.

    Have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, November 8, 2019 2:47 AM