Checklist: Preparing to Deploy DNSSEC

Updated: October 7, 2009

Applies To: Windows Server 2008 R2


This topic applies to DNSSEC in Windows Server 2008 R2. DNSSEC support is greatly enhanced in Windows Server 2012. For more information, see DNSSEC in Windows Server 2012.

This checklist provides links to important concepts and procedures you can use as you prepare to deploy Domain Name Security Extensions (DNSSEC).


When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.

Checklist: Preparing to deploy DNSSEC

  Task Reference

Review zone signing requirements.

When to Re-sign a Zone File

Identify the key rollover mechanisms that you will use.

Identify the Rollover Mechanism

Identify at least two secure computers, one of which runs the DNS server role on Windows Server® 2008 R2. The other computer does not have to be a DNS server.

Identify Signing Computers

Identify zones to be secured.

Identify Zones for DNSSEC

Back up a zone file from the authoritative DNS server.

Back up a Zone File

See Also


Checklist: Implementing DNSSEC