Lesson 3: Implementing DNSSEC

DNS does not strongly validate the source of the information received through its queries. As a result, attackers can use methods such as DNS cache poisoning to provide forged data to DNS clients and trick these clients into visiting spoofed sites or addresses.

DNSSEC was created to stop the threat of forged DNS data. DNSSEC is an optional DNS server feature that provides digital signatures for its records and validates the signatures received from other DNSSEC-enabled servers. In Windows networks, DNSSEC is used as a server-to-server protocol that validates responses on behalf of Windows 7 clients.

Support for the latest version of DNSSEC is new to Windows Server 2008 R2 and Windows 7.

Get Self-Paced Training Kit (Exam 70-642): Configuring Windows Server® 2008 Network Infrastructure now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.