Saturday, February 7, 2009

EnableDnsSec Registry Key

This registry key value restricts all or few dnssec resource records to be included in dns query responses. By Default(Reg key doesn't exists), DNSSEC resource records include for only queries which contain OPT resource record.

Key Name: EnableDnsSec
Type: dword
Default: 0x1
Range: [0x1..0x2]
Functionality: restricts dnssec resource records to be include in query responses.
Location: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

If reg value 0xo, then dnssec resource records are included in responses for only queries which contain requests for any of SIG, KEY or NXT resource records.
If reg value 0x1, then resource records include for only queries which contain OPT resource records.
If reg value 0x2, then DNSSEC resource records in all query responses.

Note: Incorrect edition of registry key may have adverse effect on dns system. Just save Last Known Good Configuration startup option before making any changes to this key. In any adverse cases, start system with last know good configuration.

Relevant Posts:
Set enablednssec on command line

0 comments:

Design by infinityskins.blogspot