Hello experts,
I am trying to configure DNSSEC validation on Server 2012 R2. I have already
configured the trust point by using the command Dnscmd.exe /RetrieveRootTrustAnchors.
However, I am facing a weird problem: my server is a VPN server and is also acting
as its own DNS; for that, the primary DNS server on the NIC is set to an IP from the pool
of IPs which I bought from IANA. Users connect to my VPN server and resolve names from
my primary DNS IP. Whenever I try to dig DNSSEC records using Cygwin on my server
while the primary DNS is set to the IP address from my pool, the response in Cygwin (shell emulator)
doesn't show the AD flag, but when I change the primary DNS to Google DNS,
the AD (Authenticated Data) flag shows up. Also, name resolution stops when the primary
DNS is not set to the Google DNS server (8.8.8.8).
Any suggestions on how to resolve this issue?
Thanks