Deploy360 20 March 2014

Microsoft Publishes Guide To Deploying DNSSEC In Windows Server 2012

By Dan YorkDirector, Internet Technology

Do you work in an enterprise using Microsoft Windows Server 2012 and are interested in either deploying DNSSEC validation to provide better security to your users – and/or securing your own DNS zones using DNSSEC?

If so, the good folks at Microsoft just recently released a new guide “DNSSEC in Windows Server 2012” that guides you through what you need to do to deploy DNSSEC in Windows Server 2012 and Windows Server 2012 R2.  I’d note that it covers both the validation and signing sides of DNSSEC.

The document has four major sections:

  • Overview of DNSSEC
  • DNSSEC in Windows
  • DNSSEC Deployment Planning
  • Deploy DNSSEC with Windows Server 2012

as well as few appendices.  The document goes into quite a deep level of detail with how DNSSEC is integrated into various aspects of Windows Server 2012.  The “Deployment Planning” section seemed quite useful, too, as it explored some of the performance requirements and also suggested a process for staging a deployment.

In reading through the document, I was quite impressed by the “Deploy DNSSEC with Windows Server 2012” section that includes many different checklists to help administrators know precisely what they need to be doing.  While I don’t personally work with a Windows Server 2012, the checklists seemed to be covering the areas that I would want them to cover.

As we look to get more enterprises doing DNSSEC validation and also signing their own zones, it is great to see this document come out of Microsoft!    If you work with Microsoft Windows Server 2012, definitely do give it a look – and start deploying DNSSEC today!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...