Donate
‹ Back
Deploy360 16 February 2012

Want to Deploy DNSSEC on Microsoft Windows 7 or Server 2008 R2?

Dan York
By Dan YorkDirector of Web Strategy

MS DNSSEC Deployment GuideDo you operate a Microsoft Windows server infrastructure and would like to know how to implement DNSSEC? If so, Microsoft published a “DNSSEC Deployment Guide” to help administrators of Windows Server 2008 R2 and Windows 7 systems.

The comprehensive document explains what DNSSEC is all about, walks step-by-step through each process and also provides easy checklists to use as a reference during deployment and ongoing operation.

I no longer administer Windows Servers so can’t personally attest to the usefulness of the guide.  In reading through it, my initial reaction is that there seems to be very little GUI management of DNSSEC. Most of the administration seems to involve use of the ‘dnscmd’ command-line tool.  While that’s perfectly fine by me, given that I’ve a big command-line fan, I suspect that many regular Windows administrators may wish they could execute these commands through one of the administration tools Microsoft provides. The document also was last updated in March 2010 and thus pre-dates the signing of the root in July 2010. With the root signed, the section on distributing trust anchors may no longer be quite as applicable.

Regardless, this appears to be the most recent document provided by Microsoft and so if you have a Windows-based server infrastructure you may want to check it out.  I’d note that this document only applies to Windows Server 2008 R2 and Windows 7.  Earlier versions of Windows Server had much more limited support for DNSSEC.

If you are a Windows administrator, what do you think?  Is this document helpful? Useful?  What could Microsoft do to make DNSSEC deployment easier on Windows Server 2008 R2 or Windows 7?

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Microsoft Publishes Guide To Deploying DNSSEC In Windows Server 2012
Deploy36020 March 2014

Microsoft Publishes Guide To Deploying DNSSEC In Windows Server 2012

Do you work in an enterprise using Microsoft Windows Server 2012 and are interested in either deploying DNSSEC validation to...

Email Hijacking - New Research Shows Why We Need DNSSEC Now!
Deploy36012 September 2014

Email Hijacking – New Research Shows Why We Need DNSSEC Now!

Want a great example of why we need DNSSEC now?  Consider this new research from the CERT/CC team at Carnegie...

Weekend Project: Enable DNSSEC Validation On Your DNS Resolver
Deploy36011 January 2014

Weekend Project: Enable DNSSEC Validation On Your DNS Resolver

Looking for a weekend project to learn more about a new technology?  How about seeing if you can enable DNSSEC...

Join the conversation with Internet Society members around the world