DNSSEC in Windows 7

re: DNSSEC in Windows 7

Lutz Donnerhacke — Mon, 03 Nov 2008 14:57:32 GMT

Congratulations. I'll hope that your implementation works as expected.

re: DNSSEC in Windows 7

anonymous — Wed, 12 Nov 2008 21:57:26 GMT

Any support for BIND-like wildcard support and recursion ACL?

re: DNSSEC in Windows 7

Brett Carr — Thu, 04 Dec 2008 17:34:39 GMT

Having been both an Admin of a large AD installation and also deployed DNSSEC on the reverse tree for the RIPE NCC, this is very interesting and exciting, hope it all comes together in Windows 7, I'll look forward to getting it up and running.

Brett

re: DNSSEC in Windows 7

sseshad — Thu, 04 Dec 2008 20:00:57 GMT

Re - anonymous' comment - yes, MS DNS does support wildcards. I'm not sure what you mean by recursion ACLs - could you explain?

re: DNSSEC in Windows 7

sseshad — Thu, 04 Dec 2008 20:01:22 GMT

Thanks Brett! What has your experience with DNSSEC been like so far?

re: DNSSEC in Windows 7

Joe — Thu, 22 Jan 2009 21:35:58 GMT

So I downloaded the 2008 R2 beta.

How do I sign (DNSSEC) a zone?

Can't find any menu options or external tools...

re: DNSSEC in Windows 7

sseshad — Mon, 16 Feb 2009 20:47:09 GMT

The DNSSEC deployment guide (Beta) is here: http://www.microsoft.com/downloads/details.aspx?FamilyID=7a005a14-f740-4689-8c43-9952b5c3d36f&DisplayLang=en

Instructions on how to perform key generation and signing of zones can be found in there.

re: DNSSEC in Windows 7

bretc — Mon, 09 Mar 2009 23:01:05 GMT

I have a 2003 AD/DNS configuration. I am also running Windows 7. The other day I made some changes to my 2003 DNS from my W7 client and about three hours later Operations Manager started sending alerts out because of configuration issues with trust anchors. I logged into the DNS server and I noticed that a new zone had been created called Trust Anchors. Did my W7 client auto create this zone when I managed the DNS settings? Should this have caused OpsMgr to send out errors (or is something wrong w/ my DNS setup that was only brought to light after this zone was created?). Any comments/suggestions are appreciated. Thanks.

re: DNSSEC in Windows 7

sseshad — Sat, 21 Mar 2009 00:11:49 GMT

Hmm...very interesting. Your DNS servers are 2003? Trust Anchors is only supported in 2008 R2 and shouldn't show up in 2003.

You can grab my email address from this blog. Feel free to email me with more details if you have them and we'd be happy to take a look here.

re: DNSSEC in Windows 7

gruvenn — Sat, 18 Apr 2009 00:02:05 GMT

I just noticed the same thing in my Server 2003 DNS, there is now a TrustAnchors zone with all my Domain controllers listed. One or two of my admins were using Windows 7 for a while. I assume Windows 7 comes with Server 2008 Admin tools? So would editing a 2003 server with these tools create the zone? Will it cause any problems? I have searched online for a while and this was the first mention of the issue I could find. Thanks.

re: DNSSEC in Windows 7

anonymous — Sun, 26 Jul 2009 22:23:57 GMT

Is it possible to set "allow-recursion" ACL like BIND to disallow recursive queries on source IPs that don't match the ACL?