Over the past week or so I was a bit blindsided by the new mandate to implement DNSSEC for external DNS by 12/0209 and internally by 5/2010. I have been researching options with only a few solutions available.My first question is if DNSSEC will be fully implemented in Windows 2008 in the very near future? If so what steps are being taken to provide the management pieces to successfully implement it in one's environment.Second question is if anyone has deployed 2008 core to do external DNS services? We are currently on BIND 8.x and Solaris 9.x and want to be able to deploy DNSSEC successfully without having to dedicate full time resources just to manage DNS. There are appliances like Secure64 and BlueCat but they are pretty expensive for a DNS appliance IMO. Any thoughts are greatly appreciated.

From what I have read, DNSSEC is to be implemented in Windows Server 2008 R2. I have never configured DNSSEC in any of my environments. Our BIND servers do not replicate with our Windows DNS servers and all of our Windows DNS zones are secured withAD-integration.From what I know about DNSSEC, you can use certificates to provide a trusted connection between the DNS servers. In this case, a PKI would be needed. If DNSSEC supports pre-shared keys, then you wouldn't need a CA.