Installing DNSSEC on Windows 2016 Server

**In this Video we will: **

• We will demonstrate a step-by-step hands on installation of Windows DNS Security.
• We will define technical terms you will need as we progress through the installation.
• At the completion of this lecture you will gain valuable-work related knowledge and experience by utilizing and implementing the steps given in this lecture.

**Prerequisites: You must have access to or have installed in your lab the following: **

• One Windows 2016 Server with Active Directory installed and promoted to a domain controller (DNS installs automatically).
• Or a VM with the identical configuration.** **
• Don’t forget to download the supplemental information that I have supplied with this lecture.** **

Adequate permissions will be needed.

• To configure a DNS server that is running on a domain controller, you must be a member of the DNS Administrators, Domain Administrators, or Enterprise Administrators group.

**Windows DNSSEC Installation **

Open Server Manager , tools, DNS, double click on the forward lookup zone. In this case I right click DNS.COM, highlight DNSSEC, then click Sign the Zone.

**The Zone signing Wizard is displayed, click next **

First we will use the default settings then go back and customize the signing options to give you a more thorough understanding of the installation.

Choose the default settings , click next, next again, then finish. From the DNS manager press F5. A lock is displayed on our zone telling us that our zone has been signed.

Click on DNS.COM and view all the new records displayed. Right click on the Zone (DNS.COM) highlight DNSSEC and you will see “Unsign the Zone”. This also shows that the zone has been signed. Click Unsign the Zone, click Next, then finish. Click F5, Now the zone has been unsigned and there are fewer records in the zone.

Now let’s go back to the Zone Signing wizard and explore the Custom installation. right…