Windows 7 and DNS Security Extensions
Did you know that the DNS client in Windows 7 (like the DNS server in Windows Server 2008 R2) supports DNS Security Extensions (DNSSEC) as per RFCs 4033, 4034, and 4035 to validate the integrity of DNS records? Windows Server 2008 R2 can validate that a DNS record was generated by an authoritative DNS server and that the DNS record has not been modified. This ensures the integrity of DNS responses.
Authoritative DNS servers that support DNSSEC will sign a DNS zone cryptographically to generate digital signatures for all the resources records in the zone. The DNS client running Windows 7 is DNSSEC-aware and relies on its local DNS server for DNSSEC validation.
A Group Policy in Windows 7 (and Windows Server 2008 R2) can be used to store configuration settings for DNSSEC and Direct Access on DNS client computers. You can create or edit rules from Computer Configuration\Windows Settings\Name Resolution Policy.
To read more about DNSSEC go here – http://www.windowsecurity.com/articles/DNS-Security-Part-1.html