A. Server 2008 R2 introduces support for DNSSEC, which allows the use of keys to ensure the integrity and source of DNS data. The TrustAnchors zone stores preconfigured public keys that are associated with a specific zone. You can view and modify these preconfigured keys by selecting Properties of the DNS server within the DNS MMC snap-in and selecting the Trust Anchors tab.
By default, the TrustAnchors zone won't exist, so if you have the zone it means someone has enabled DNSSEC in your environment and may have configured some trust anchors. So check the content and make sure it's valid.
- Q. What happens when a read-only domain controller (RODC) that's a DNS server receives a DNS write request from a client?
- Why You Need Windows Server 2008 R2
- Control Windows Features with DISM
- Q: Do I need to upgrade to Windows Server 2008 from Windows Server 2003 to get Alternative Name (SAN) certificate support?
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.