DNSSEC Deployment Planning
Applies To: Windows Server 2012 R2, Windows Server 2012
The following topics provide planning guidance. Review the information in these topics before you sign a DNS zone with DNSSEC:
Why DNSSEC: Consider the reasons why you want to deploy DNSSEC. Possible reasons include protection against spoofing attacks and compliance with government corporate policies.
Stage a DNSSEC Deployment: Before you fully deploy DNSSEC in a production environment, try signing a test zone.
DNSSEC Performance Considerations: DNSSEC signing and validation requires processor resources on DNS servers. DNSSEC-signed zones and DNS responses are also larger in size, requiring additional disk and network resources.
DNSSEC Requirements: Before you deploy DNSSEC, verify that your DNS infrastructure meets specifications.