We have a small corporate network, internal clinets recieve DNS via our two DCs, which both run DNS and use the root DNS serers to answer DNS queries. DO i need to make any changes with the upcoming DNSSEC being implmented? I couldnt find anything that directly answered that Q. I am not hosting any external websites.

Hi, Thanks for the post. Windows Server 2003 DNS provides basic support of the DNS Security Extensions (DNSSEC) protocol as defined in RFC 2535. The current feature support allows DNS servers to perform as secondary DNS servers for existing DNSSEC-compliant, secure zones. DNS supports the storing and loading of the DNSSEC-specific resource records (RRs). Currently, a DNS server is not capable of signing zones and resource records (creating cryptographic digital signatures) or validating the SIG RRs. The DNSSEC resource records are KEY, SIG, and NXT. You could refer to the following article to configure DNSSEC on Windows Server 2003. http://technet.microsoft.com/en-us/library/cc784518(WS.10).aspx Just for your information, Windows Server 2008 R2 DNS provides better support of the DNS Security Extensions (DNSSEC) protocol. You could check the following article: http://technet.microsoft.com/sv-se/library/ee649178(WS.10).aspx Hope this helps.