Checklist: Implementing DNSSEC
Updated: October 7, 2009
Applies To: Windows Server 2008 R2
Tip
This topic applies to DNSSEC in Windows Server 2008 R2. DNSSEC support is greatly enhanced in Windows Server 2012. For more information, see DNSSEC in Windows Server 2012.
This checklist provides links to important concepts and procedures you can use to implement DNSSEC. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. Verify that your DNS infrastructure is operating as expected after performing each procedure.
Note
When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you have reviewed the conceptual topic or completed the tasks in the subordinate checklist, so that you can proceed with the remaining tasks in this checklist.
Task | Reference
---|---
Review key concepts for DNSSEC. |
Review deployment staging recommendations, hardware and software requirements, and key management considerations for DNSSEC. Upgrade or deploy DNS servers running Windows Server® 2008 R2 as required, and verify your DNS infrastructure is performing as expected. |
Review zone signing requirements, choose a key rollover mechanism, and identify the secure computers and DNSSEC protected zones for your staged deployment. |
Generate and back up keys, then sign and reload the DNSSEC protected zone. Verify that your DNS infrastructure is performing as expected before proceeding to the next step. |
Distribute trust anchors to all non-authoritative DNS servers that will perform DNSSEC validation of data from the signed zone. Verify that your DNS infrastructure is performing as expected before proceeding to the next step. |
Deploy certificates and IPsec policy to your DNS servers. Verify that your DNS infrastructure is performing as expected before proceeding to the next step. |
Configure Name Resolution Policy Table (NRPT) settings and deploy IPsec policy to client computers. Verify that your DNS infrastructure is performing as expected before proceeding to the next stage of your DNSSEC deployment plan. |