Windows Server 2016 Accelerated DNSSEC Root Rollover HowTo
Thank you Ashu Kumar for helping me!

June 22 2017

Combined with the approaching rollover of the DNSSEC root key (introduction of new key 11 July 2017 and switchover 11 October 2017) and recently being pleasantly surprised by the number of Windows DNS resolver installations out there considering DNSSEC, I felt the need to run through the exercise of stress testing Win Server 2016 DNS against accelerated RFC5011 rollover https://icksk.dnssek.info/fauxroot.html (See here for Win Server 2012 R2). The platform follows the actual root key rollover steps in a continuous accelerated fashion and has been operation since 2015 testing against various resolvers specially configured to work with accelerated RFC5011.

Result: I saw no problems with Windows Server 2016 out of the box. The DNS server properly tracked continual accelerated root key rolls (ever 27 minutes) with no validation failures and keys recored in C:\windows\system32\dns\rfc5011.csv.

Although I know there are many much more expert than me in Windows DNS use and managment, for referrence I have documented the steps I took below.

Hope this helps - Rick Lamb