Checklist: Revert to an Unsigned Zone

 

Applies To: Windows Server 2012 R2, Windows Server 2012


This parent checklist includes links to procedures that help you complete the required tasks.

Before you complete the tasks in this checklist, make sure that you have performed the prerequisite tasks in the parent checklist.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic or to a subordinate checklist, return to this topic after you review the conceptual topic or after you complete the tasks in the subordinate checklist so that you can proceed with the remaining tasks in this checklist.

Checklist: Revert to an Unsigned Zone

| Task | Reference |
| --- | --- |
| Review concepts about the consequences of unsigning a zone. If trust anchors are deployed, or name resolution policy requires validation, DNS resolution can fail when a zone is unsigned. | Trust Anchors; The NRPT |
| Configure the NRPT so that validation is not required for the zone. | Procedure: Configure the NRPT |
| Verify that name resolution policy does not require DNSSEC validation for the zone. | Procedure: Verify Name Resolution Policy |
| Remove trust anchors for the zone from validating DNS servers. | Procedure: Remove a Trust Point |
| Unsign the zone. | Procedure: Unsign a Zone |
| Verify that DNS clients can resolve names in the domain. | Procedure: Verify DNS Resolution |
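The following Windows PowerShell script is an added example, not part of the original checklist or the linked procedures. It runs the verification, trust anchor removal, unsign, and resolution steps in order and stops before unsigning if name resolution policy still requires validation or a trust anchor remains. The zone and server names are placeholders, and the NRPT check covers only the client the script runs on.

```powershell
# Added example: placeholder names below are assumptions, replace with your own.
$ZoneName   = 'secure.contoso.com'                     # zone to unsign
$AuthServer = 'dns1.contoso.com'                       # primary authoritative server
$Validators = 'dns2.contoso.com', 'dns3.contoso.com'   # validating DNS servers

# Verify name resolution policy: no effective NRPT rule covering the zone may
# require DNSSEC validation. Parent-suffix rules are flagged too (conservative);
# review manually if a more specific rule already exempts the zone.
$blocking = Get-DnsClientNrptPolicy -Effective | Where-Object {
    $_.DnsSecValidationRequired -and (@($_.Namespace) | Where-Object {
        $suffix = $_.TrimStart('.')
        $ZoneName -eq $suffix -or $ZoneName.EndsWith(".$suffix")
    })
}
if ($blocking) {
    throw "NRPT still requires DNSSEC validation for $ZoneName. Update the policy first."
}

# Remove trust anchors for the zone from every validating DNS server.
foreach ($server in $Validators) {
    if (Get-DnsServerTrustAnchor -Name $ZoneName -ComputerName $server -ErrorAction SilentlyContinue) {
        Remove-DnsServerTrustAnchor -Name $ZoneName -ComputerName $server -Force
    }
    # Query again so a failed removal stops the run before the zone is unsigned.
    if (Get-DnsServerTrustAnchor -Name $ZoneName -ComputerName $server -ErrorAction SilentlyContinue) {
        throw "Trust anchor for $ZoneName is still present on $server."
    }
}

# Unsign the zone on the authoritative server.
Invoke-DnsServerZoneUnsign -ZoneName $ZoneName -ComputerName $AuthServer -Force

# Verify DNS resolution through each validating server. -ErrorAction Stop turns
# a failed lookup into a terminating error.
foreach ($server in $Validators) {
    $answer = Resolve-DnsName -Name $ZoneName -Type SOA -Server $server -DnssecOk -ErrorAction Stop
    if ($answer | Where-Object { $_.QueryType -eq 'RRSIG' }) {
        Write-Warning "$server still returns RRSIG records for $ZoneName (cached data or incomplete unsign)."
    }
}
```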

See also

Overview of DNSSEC

DNSSEC in Windows

DNSSEC Deployment Planning

Appendix A: DNSSEC Terminology

Appendix B: Windows PowerShell for DNS Server