I would like to deploy a standalone (non Active Directory) Microsoft 2012 R2 DNS server using a DNSSEC signed zone for our external domain name. When we used DNSSEC with bind and GoDaddy, I set a longer than average key expiration and then uploaded the DS key to GoDaddy (see here: http://support.godaddy.com/help/article/6115/managing-dnssec-for-your-domain-name).
I have a couple of questions:
1) When walking through the DNSSEC wizard, if I wanted to set the interval before refreshing the key with GoDaddy to 2 years, which option would I set?
2) When the zone is signed, there are what look like dozens of new records added, which of these is the key I'd upload to GoDaddy?