1 / 4

DNSSEC in Windows Server

This project aims to implement DNSSEC support in Windows Server DNS to enable federal agencies to comply with NIST 800-53 security controls SC-20 and SC-21. The changes will ensure DNS servers support signed DNS records, recursive resolvers for authentication, and integrity checking of secure records. Key highlights include RFC implementation, support for RRSIG, NSEC, DNSKEY, DS, zone file signing tool, trust anchor support, and policies for returning only secure records to clients. Planning started in 2007 with beta in the middle and RTM in late 2007 or early 2008, aiming for general availability in the first service pack of Longhorn Server.

richardbishop
Download Presentation

DNSSEC in Windows Server

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DNSSEC in Windows Server

  2. DNS Server changes • Provide DNSSEC support in the DNS server • Changes should allow federal agencies to comply with SC-20 and SC-21 security controls proposed in NIST 800-53. • DNS servers support signed DNS records and return the signatures in response to queries (SC-20) • DNS servers support recursive resolvers that authenticate and check integrity of secure records (SC-21)

  3. DNS Server changes • Highlights • Implement core RFCs 4033, 4034, 4035 • Support for RRSIG, NSEC, DNSKEY, DS • Tool for signing DNS zone files. • Enable verification of chain of trust • Authentication and Integrity check of records • Enable support for trust anchors • Policy to return only secure records to clients. • Other policies under consideration.

  4. Our plans • Planning currently in progress • Beta: middle of 2007 • RTM: late 2007 or early 2008 • General availability by first service pack of Longhorn Server.

More Related