Windows 7 and DNS Security Extensions

Did you know that the DNS client in Windows 7 (like the DNS server in Windows Server 2008 R2) supports DNS Security Extensions (DNSSEC) as per RFCs 4033, 4034, and 4035 to validate the integrity of DNS records? Windows Server 2008 R2 can validate that a DNS record was generated by an authoritative DNS server and that the DNS record has not been modified. This ensures the integrity of DNS responses.

Authoritative DNS servers that support DNSSEC will sign a DNS zone cryptographically to generate digital signatures for all the resources records in the zone. The DNS client running Windows 7 is DNSSEC-aware and relies on its local DNS server for DNSSEC validation.

A Group Policy in Windows 7 (and Windows Server 2008 R2) can be used to store configuration settings for DNSSEC and Direct Access on DNS client computers. You can create or edit rules from Computer Configuration\Windows Settings\Name Resolution Policy.

To read more about DNSSEC go here – http://www.windowsecurity.com/articles/DNS-Security-Part-1.html

Windows 7 and DNS Security Extensions

Leave a Comment

Further Reading

Local Group Policy in Workgroup Environments

Accessing claims-enabled file shares on Windows 8

Having problems running applications on Windows 7?

6 Built-in security features of Windows 7

Windows 8 computer inactivity policy

Windows 8 machine account lockout policy

Block Microsoft accounts on Windows 8

Use PowerShell commands to find sources that are represented in the event log

Benefits of Data Tiering

What has really changed in Windows Server 2012?

Downloads

Categories

Command line Tips

News