In this video we will:
- Demonstrate a step-by-step, hands-on Windows DNS Security (DNSSEC) client installation.
- Define technical terms you will need as we progress through the installation.
At the completion of this lecture you will have gained valuable work-related knowledge and experience by implementing the steps given in this lecture.
Prerequisites: You must have access to or have installed in your lab the following:
- One Windows 2016 Server with Active Directory installed and promoted to a domain controller (DNS installs automatically).
- Or a VM with the identical configuration.
- Some experience with Active Directory Group Policy Management Console would be helpful.
- Don’t forget to download the supplemental information that I have supplied with this lecture.
Adequate permissions will be needed:
- To configure a DNS server that is running on a domain controller, you must be a member of the DNS Administrators, Domain Administrators, or Enterprise Administrators group.
Windows DNSSEC Client Installation
Windows client computers do not normally try to validate DNS data; they must be told to do so. The best way to integrate DNSSEC into your clients is by using Group Policy.
Here is an overview of this lecture:
- Create an OU called Protected Clients.
- Create a Group Policy Object called NRPT, which stands for Name Resolution Policy Table. This policy will state that any computer that is part of this OU must use DNS security validation.
- Configure the NRPT policy to define what part of the DNS environment this policy will affect.
- Create an OU called Protected Clients
Open Server Manager, Tools, Group Policy Management.
Double-click Domains; in this case I highlight DNS.COM. Right-click DNS.COM, select New Organizational Unit, type Protected Clients, and click OK.

Double-click DNS.COM; our Protected Clients OU is displayed.

- Create a Group Policy Object called NRPT Settings
Highlight the new Protected Clients OU, right-click and select Create a GPO in this Domain. Type NRPT Settings and click OK.
In this example, it is important to understand that this policy will only apply to computers that are in the Protected Clients OU and below.

- Configure the NRPT policy.
- Right-click NRPT Settings, then select Edit. Under Computer Configuration double-click Policies, double-click Windows Settings, then double-click Name Resolution Policy. The Name Resolution Policy configuration page is displayed.

- Click the down arrow in the suffix box. Each choice is explained here:
Suffix: In our example, DNS.COM is the suffix.
Prefix: The hostname; for example, SVR-US-DNS1 is the prefix.
FQDN: In our example, the FQDN of the host is SVR-US-DNS1.DNS.COM.
Subnet (IPv4): Select this if you are configuring a policy for reverse IPv4 lookup queries.
Subnet (IPv6): Select this if you are configuring a policy for reverse IPv6 lookup queries.
Any: If Any is selected, all queries will be controlled by the policy you set for this NRPT entry.

We choose Suffix, then type DNS.COM.
- Under DNSSEC, check Enable DNSSEC. Under Validation, check Require DNS clients to check that name and address data has been validated by the DNS server.
- Check IPsec. This encrypts the communication between the DNS client and the DNS server. From Encryption type, click the down arrow and select High: AES (192,256).

- Click the Create button, scroll down, then click Apply.

The Name Resolution Policy Table is now ready for use.
The last thing you need to do is open Active Directory Users and Computers (ADUC) and move some computers over to the Protected Clients OU. Go back to Server Manager, Tools, ADUC. Click the Computers container, highlight the computers that you want secured and move them over to the Protected Clients OU. In my case I highlight BPhilips, hold the Shift key down, select rhill, let go of the Shift key, right-click and drag the computers to the Protected Clients OU, then click Move. Now when one of these computers logs on to the domain, the policy we just created will run on that computer.
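The same procedure can be scripted, which makes the NRPT rule repeatable and easy to review. The PowerShell below is an added example, not part of the original lesson: it assumes the ActiveDirectory, GroupPolicy and DnsClient modules are available and that the DNS.COM domain has the distinguished name DC=dns,DC=com.

```powershell
# Added example: scripted equivalent of the GUI steps in this lesson.
# Run on the domain controller (or an admin host with RSAT) using an
# account with the permissions listed under "Adequate permissions".
Import-Module ActiveDirectory, GroupPolicy

$domainDn = 'DC=dns,DC=com'        # assumption: DN of the DNS.COM lab domain
$ouName   = 'Protected Clients'
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'NRPT Settings'

# 1. Create the OU only if it is not already there.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Create the GPO and link it to the OU, so it applies there and below.
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName | New-GPLink -Target $ouDn | Out-Null
}

# 3. Add the NRPT rule to the GPO. The leading dot marks a suffix rule.
$rule = @{
    GpoName                   = $gpoName
    Namespace                 = '.dns.com'
    DnsSecEnable              = $true     # "Enable DNSSEC"
    DnsSecValidationRequired  = $true     # "Require DNS clients to check ..."
    DnsSecIPsecRequired       = $true     # the IPsec checkbox
    DnsSecIPsecEncryptionType = 'High'    # "High: AES (192,256)"
}
Add-DnsClientNrptRule @rule

# 4. Move the lab computers named in the lesson into the OU
#    (replace these names with your own machines).
foreach ($name in 'BPhilips', 'rhill') {
    Get-ADComputer -Identity $name | Move-ADObject -TargetPath $ouDn
}

# 5. Review the rule as stored in the GPO before clients pick it up.
Get-DnsClientNrptRule -GpoName $gpoName | Format-List
```

On a client in the OU, after a Group Policy refresh, `Get-DnsClientNrptPolicy` shows whether the rule for `.dns.com` is actually in effect.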