Different deployment stages of DNS

[Sandroo]

What are the different stages involved in deployment stages of a DNS. I need a detailed information on this. What are the all stages which comes under this. Also what is the way to identify a secure dns zone. And on the same hand I am also trying to get a steps for signing securely and protecting a private key and additional information about the related topic will be better.

[Jackson2]

You can be suggested that you organize DNSSEC in phases or stages, as exposed. Depending on the difficulty of your surroundings, you may desire to constraint the primary operation to a small number of domains before you organize DNSSEC broadly. Permit at least 2-3 days connecting every stage. The first thing is to improve DNS servers to Windows Server 2008 R2, then organize DNSSEC on servers, arrange and allocate trust anchors, arrange IPsec policy on the servers and also arrange IPsec and DNSSEC on clients.

[Techno01]

If you are not going to organize the DNSSEC with IPsec, you can pay no attention to the stage IV and the IPsec segment of stage V and basically arrange the DNSSEC. You have to keep in mind that in this model, presumptuous that the channel connecting the local DNS server and the client is implied. Before you organize DNSSEC, recognize the DNS zones that must be protected, but keep in mind that once they are signed, the zones will no longer be capable to take delivery of dynamic updates.

[Trio]

Most of them are not suggested to signing of an Active Directory domain zone for the reason that the determination necessitates for the physical update of all SRV evidence or the documentation and the additional resource records. Be sure you also recognize all DNS servers that host every zone. Previous the zone can be signed; these servers have to be improved to use DNSSEC.

[deveritt]

Like any additional sanctuary model relying on public key cryptography, it is very important that confidential DNSSEC signing keys are kept protected. By description, the public key can be prepared extensively obtainable; it does not necessitate to be protected. On the other hand, if the private key is cooperated, a rogue DNS server can pretense as the real reliable or dependable server for a signed zone.

[Techguru01]

For that specific reason that is mention above the following is recommended. Make sure that the generation of keys, the storing of the private key, and the signing of zones is performed on a DNS server that physically secure and whose access is restricted to essential personnel only. Store at least one backup copy of the private key on a different computer. For more information about how to perform this backup, see section 6.5. The DNS service must be installed on that computer so that you can access the signing tool using Dnscmd.exe.