The DNSSEC feature helps protect DNS traffic from threats. In Windows Server 2012, DNSSEC is simpler to deploy and supports secure dynamic updates in Active Directory-integrated zones. Windows Server 2012 supports validation of records signed with the updated DNSSEC standards (NSEC3 and RSA/SHA-2). Previously, you could not sign records with NSEC3 and RSA/SHA-2.
1. Open Server Manager and then click DNS Manager.
2. In the DNS Manager console, select DNSSEC and then select Sign the Zone.
3. Click Next.
4. Select Customize Zone Signing Parameters and then click Next.
5. Select one DNS server as the key master for the zone. The key master is responsible for generating new signing keys.
6. Click Next.
7. On the Key Signing Key page, click Add.
8. Click OK.
9. Click Next.
10. On the Zone Signing Key page, click Next.
11. On the Zone Signing Key page, click Add to configure a ZSK.
12. Click OK.
13. Click Next.
14. Select the NSEC3 resource record rather than the older NSEC resource record for authenticated denial of existence.
15. By default, trust anchors are updated automatically. You can also enable the distribution of trust anchors for the zone.
16. For signing and polling, SHA-1 and SHA-256 are the default algorithms used. Click Next.
17. Click Next.
18. After the wizard signs the zone, click Finish.
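
The same signing choices can be scripted with the DnsServer PowerShell module and then checked, which the wizard does not do for you. This is an added example, not part of the original walkthrough; it assumes an elevated session on the DNS server that will act as key master, and the zone name `example.test`, the RSA/SHA-256 algorithm and the key lengths are placeholder choices.

```powershell
# Added example: scripted equivalent of the wizard, followed by verification.
# Assumptions: elevated session on the key master; all values below are placeholders.
Import-Module DnsServer

$zone = 'example.test'   # placeholder zone name

# KSK and ZSK pages: add one key of each type (algorithm and lengths are assumptions).
Add-DnsServerSigningKey -ZoneName $zone -Type KeySigningKey  -CryptoAlgorithm RsaSha256 -KeyLength 2048
Add-DnsServerSigningKey -ZoneName $zone -Type ZoneSigningKey -CryptoAlgorithm RsaSha256 -KeyLength 1024

# NSEC3 for authenticated denial of existence, automatic trust anchor updates
# (RFC 5011 rollover), and SHA-1 + SHA-256 DS digests as listed in the steps above.
Set-DnsServerDnsSecZoneSetting -ZoneName $zone `
    -DenialOfExistence NSec3 `
    -EnableRfc5011KeyRollover $true `
    -DSRecordGenerationAlgorithm Sha1, Sha256

# Sign the zone with the keys and settings configured above.
Invoke-DnsServerZoneSign -ZoneName $zone -Force

# --- Verification: confirm the zone ended up in the state the wizard promised ---
$problems = @()

$settings = Get-DnsServerDnsSecZoneSetting -ZoneName $zone
if ($settings.DenialOfExistence -ne 'NSec3') {
    $problems += "Denial of existence is $($settings.DenialOfExistence), expected NSec3"
}

$keys = Get-DnsServerSigningKey -ZoneName $zone
foreach ($type in 'KeySigningKey', 'ZoneSigningKey') {
    if (-not ($keys | Where-Object { $_.KeyType -eq $type })) {
        $problems += "No $type present for $zone"
    }
}

# Ask the server for DNSKEY with the DO bit set; a signed zone returns RRSIGs too.
$answer = Resolve-DnsName -Name $zone -Type DNSKEY -DnssecOk -Server localhost -ErrorAction Stop
if (-not ($answer | Where-Object { $_.Type -eq 'RRSIG' })) {
    $problems += "DNSKEY response for $zone carries no RRSIG; zone is not serving signatures"
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output "$zone is signed: NSEC3 in use, KSK and ZSK present, RRSIGs served." }
```

Trust anchor distribution from step 15 applies to Active Directory-integrated zones and is left out here; add `-DistributeTrustAnchor DnsKey` to the settings call if the zone qualifies.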