Checklist: Distribute Trust Anchors
Applies To: Windows Server 2012 R2, Windows Server 2012
This checklist includes procedures to help you distribute trust anchors for a signed zone.
Before you complete the tasks in this checklist, make sure that you have performed the prerequisite tasks in the parent checklist, such as reviewing conceptual information about DNSSEC and signing a zone with the settings that you specify. You cannot distribute trust anchors until after a zone is signed with DNSSEC.
You must re-distribute trust anchors each time that a zone is re-signed unless re-signing occurs as part of an automatic key rollover and trust anchors are distributed automatically on key rollover (RFC 5011). Trust anchors can also be distributed automatically in Active Directory to all Active Directory-integrated DNS servers within the replication scope for the zone.
Note
Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or after you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.
Checklist: Distribute Trust Anchors
| Task | Reference |
|---|---|
| Review concepts for managing trust anchors. | |
| Enable automatic update of trust anchors on key rollover. | Procedure: Enable Automatic Update of Trust Anchors on Key Rollover |
| Enable distribution of trust anchors in Active Directory. | |
| Export and import trust anchors. | |
| Manually add a trust anchor. | |
| Deploy a root trust anchor. | |