Checklist: Deploy DNSSEC
Applies To: Windows Server 2012 R2, Windows Server 2012
This parent checklist includes cross-reference links to topics that provide important conceptual information about DNSSEC. It also contains links to subordinate checklists that help you complete the required tasks.
Before you complete the tasks in this checklist, make sure that you have performed the prerequisite tasks in the parent checklist, such as reviewing conceptual information about DNSSEC and deciding on a deployment method and DNSSEC parameter values to use.
The DNS server that you use to perform procedures in this checklist is intended to be the Key Master. For more information, see The Key Master. You can also use a different DNS server than the Key Master but you might have to adjust some steps in these procedures accordingly.
Note
Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or after you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.
.jpeg)
Checklist: Deploy DNSSEC
Task |
Reference |
|
|---|---|---|
.jpeg)
|
Review DNSSEC concepts, terminology, components, requirements, and specifications. |
|
|
|
Decide on a deployment method; identify pilot servers and zones. |
|
|
|
Sign a zone. |
|
|
|
Deploy trust anchors. |
|
|
|
Configure and deploy DNS client policies. |
|
|
|
Review zone signing parameters and manage the signed zone. |
|
|
|
Deploy IPsec policy to protect zone transfers |
|
|
|
Review DNS client requirements for DNSSEC validation. |
.jpeg)
.jpeg)