Skip to content

Commit eb7742a

Browse files
committed
add preview message to howtos
1 parent 5535cfa commit eb7742a

File tree

3 files changed

+9
-1
lines changed

3 files changed

+9
-1
lines changed

articles/dns/dnssec-how-to.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,10 @@ This article shows you how to sign your DNS zone with [Domain Name System Securi
1414

1515
To remove DNSSEC signing from a zone, see [How to unsign your Azure Public DNS zone](dnssec-unsign.md).
1616

17+
> [!NOTE]
18+
> DNSSEC zone signing is currently in PREVIEW.<br>
19+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
20+
1721
## Prerequisites
1822

1923
* The DNS zone must be hosted by Azure Public DNS. For more information, see [Manage DNS zones](/azure/dns/dns-operations-dnszones-portal).

articles/dns/dnssec-unsign.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,10 @@ This article shows you how to remove [Domain Name System Security Extensions (DN
1414

1515
To sign a zone with DNSSEC, see [How to sign your Azure Public DNS zone with DNSSEC](dnssec-how-to.md).
1616

17+
> [!NOTE]
18+
> DNSSEC zone signing is currently in PREVIEW.<br>
19+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
20+
1721
## Prerequisites
1822

1923
* The DNS zone must be hosted by Azure Public DNS. For more information, see [Manage DNS zones](/azure/dns/dns-operations-dnszones-portal).

articles/dns/dnssec.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,7 @@ The DNSSEC validation process works with trust anchors as follows:
9292
- If the DS record is found, the recursive DNS server performs DNSSEC validation.
9393
- If the recursive DNS server determines that the parent zone doesn't have a DS record for the child zone, it assumes the child zone is insecure and doesn't perform DNSSEC validation.
9494
- If multiple recursive DNS servers are involved in a DNS response (including forwarders), each server must be able to perform DNSSEC validation on the response so that there is an unbroken chain of trust.
95+
- Recursive servers that have DNSSEC validation disabled or aren't DNSSEC-aware don't perform validation.
9596

9697
## Chain of trust
9798

@@ -109,7 +110,6 @@ Recursive DNS servers (also called resolving or caching DNS servers) maintain a
109110
- The trust anchor is a DNSKEY record, or DS record containing a [hash](/dotnet/standard/security/ensuring-data-integrity-with-hash-codes) of a DNSKEY record. The DNSKEY record is created on an authoritative server when a zone is signed, and removed from the zone if the zone is unsigned.
110111
- Trust anchors must be manually installed on recursive DNS servers.
111112
- If a trust anchor for a parent zone is present, a recursive server can validate all child zones in the hierarchical namespace. This includes forwarded queries. To support DNSSEC validation of all DNSSEC-signed DNS zones, you can install a trust anchor for the root (.) zone.
112-
- Recursive servers that have DNSSEC validation disabled or aren't DNSSEC-aware don't perform validation.
113113

114114
## DNSSEC-related resource records
115115

0 commit comments

Comments
 (0)