Windows Server 2012 For Dns Administration

990 WordsOct 8, 20154 Pages
Windows Server 2012 has added some new features for administrators. What are some of the advanced security configuration and the tools that are used in server 2012 for DNS administration? DNSSEC records: DNSKEY stores a zone’s public key. RRSIG holds the private key. NSEC proves non-existence of a DNS name. DS secures a delegation. DNSSec key master To be a key Master, the DNS server must be: A primary, authoritative server for the zone. Capable of online zone signing. A key master that is not a DC should only have the DNS Server role installed. Configuring DNS clients Transferring the key master Role The key Master role can be transferred if both servers are online. The User must have Domain Admins rights. Use the Reset-DnsServerZoneKeyMasterRole cmdlet. Seizing the key Master Role If the original server is offline, the key master role must be seized. The private key must be accessible. Use MakeCert –ss MS-DNSSEC –SR LocalMachine to store the private key locally. Other DNS Security Mechanisms Cache locking: Prevents hostname mappings from being modified after being cached. Socket pooling: Creates a pool of ports to be used by DNS instead of just port 53. As we know that DNS server service is not installed by default, it has to be added using either Power Shell, ADDS or via Server manager. List the steps that you will use to install DNS using Server Manager. Click Next on the
Open Document