Checklist: Deploy DNSSEC Policies to DNS Clients

 

Applies To: Windows Server 2012 R2, Windows Server 2012

Checklist: Deploy DNSSEC > Checklist: Sign a Zone > Checklist: Distribute Trust Anchors > Checklist: Deploy DNSSEC Policies to DNS Clients

This checklist includes procedures to help you deploy name resolution policy to DNS clients on your network by using the Name Resolution Policy Table (NRPT).

Before you complete the tasks in this checklist, make sure that you have performed the prerequisite tasks in the parent checklist, such as reviewing conceptual information about DNSSEC, signing a zone, and deploying trust anchors. If you deploy name resolution policy to DNS clients before you have signed a zone and have deployed trust anchors, you can break DNS resolution on your network.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or after you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.

  Checklist: Deploy DNSSEC Policies to DNS Clients

Task

Reference

Review concepts about security-aware DNS clients and the NRPT.

DNS Clients

The NRPT

Configure name resolution policy.

Procedure: Configure the NRPT

Review name resolution policy settings.

Procedure: Verify Name Resolution Policy

See also

Overview of DNSSEC

DNSSEC in Windows

DNSSEC Deployment Planning

Appendix A: DNSSEC Terminology

Appendix B: Windows PowerShell for DNS Server