Implementing a Secure DNS Design

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

Consider the following before you implement your secure DNS design plan:

  • Review the level of protection in your network against common DNS security threats. For a detailed description of DNS security threats see Securing DNS ( in the Windows Server DNS Operations Guide.

  • Collect information about the design and configuration of DNS in your organization and determine which security settings and features you should implement. For more information, see Planning Your Secure DNS Deployment.

  • Review concepts and benefits associated with implementing DNS Security Extensions (DNSSEC) on your network. For more information, see Introduction to DNSSEC.

  • Review information about implementing DNSSEC in Windows Server® 2008 R2 and Windows® 7. For more information, see Understanding DNSSEC in Windows.

  • Review the deployment stages, software and hardware considerations, and other operational considerations associated with deploying DNSSEC on your network. For more information, see DNSSEC Deployment Planning.

How to implement your secure DNS design using this guide

The next step in implementing your design is to determine in what order each of the deployment tasks must be performed. This guide uses checklists to help you walk through the various server and application deployment tasks that are required to implement your design plan.

The following graphic shows how parent and child checklists are used as necessary to represent the order in which tasks must be performed.


You cannot use the graphic above to access procedures; it is only intended to illustrate how the document is organized.

See the following parent checklists in this section of the guide to become familiar with the deployment tasks for implementing a secure DNS design: