none
Is DNSSEC Still Relevant? RRS feed

  • Question

  • As part of maintaining security, we are looking into implementing DNSSEC on the LAN side.  This would be enabling DNSSEC on our internal Windows DNS servers.

    1. All the documentation I see on DNSSEC is very old--2012 era.  Is DNSSEC still relevant in today's world?  Are people still deploying it?

    2. Should DNSSEC even be enabled on a LAN side, or is this more of a WAN DNS technology?

    Thank you

    Thursday, November 7, 2019 12:01 AM

Answers

  • Hi Candy,

    Thank you for the information. 

    1. At this time I'm not seeing any DNSSEC documentation from Microsoft applicable to Server 2016 or Server 2019.
    2. I'm only receiving one reply in this thread, which leads me to believe not a lot of people are using this on the LAN side.
    3. When searching online, I'm only finding DNSSEC documentation for Server 2016 from third parties.  I'm not finding any solid third party documentation geared towards Server 2019.

    This leads me to believe that this is a dying technology, or has limited applicability.  I spoke to my team and I'm recommending we hold off on the deployment at this time and focus on other security initiatives first.

    • Marked as answer by Mike_Business Tuesday, November 12, 2019 5:58 PM
    Tuesday, November 12, 2019 5:58 PM

All replies

  • Hi ,

    DNSSEC can still be used in server 2016.

    The following link talking about how to configure DNSSEC in a Windows Server 2016 environment, you could have a look:

    Secure DNS Traffic Using DNSSEC and DNS Policies

    Step by Step Implementing DNS Security in Windows Server 2016

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy



    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Thursday, November 7, 2019 4:31 AM
  • Hi ,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.                  

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Monday, November 11, 2019 3:28 AM
  • Hi ,

    You could mark the useful reply as answer if you want to end this thread up.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Tuesday, November 12, 2019 7:26 AM
  • Hi Candy,

    Thank you for the information. 

    1. At this time I'm not seeing any DNSSEC documentation from Microsoft applicable to Server 2016 or Server 2019.
    2. I'm only receiving one reply in this thread, which leads me to believe not a lot of people are using this on the LAN side.
    3. When searching online, I'm only finding DNSSEC documentation for Server 2016 from third parties.  I'm not finding any solid third party documentation geared towards Server 2019.

    This leads me to believe that this is a dying technology, or has limited applicability.  I spoke to my team and I'm recommending we hold off on the deployment at this time and focus on other security initiatives first.

    • Marked as answer by Mike_Business Tuesday, November 12, 2019 5:58 PM
    Tuesday, November 12, 2019 5:58 PM
  • Hi ,

    Thanks for your sharing as it would be helpful to anyone who has similar concern.

    Best Regards,

    Candy


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Wednesday, November 13, 2019 1:53 AM