DNS Auditing

  • Question

  • Hi to all. I have enabled DNS auditing as described below. To test, I created a DNS Host A record and then deleted it (from the DNS MMC snap-in). Nothing was logged in the Windows Security log?

    Enable auditing on the DNS zone if the zone is in the DomainDnsZones partition:

    a) Open ADSIEdit (Start, Run, adsiedit.msc)
    b) Right-click ADSI Edit, and connect to the DC=DomainDnsZones,DC=<domain>,DC=<top level domain> container
    c) Expand MicrosoftDNS, and navigate to the location of the DNS zone
    d) Right-click the zone and choose Properties
    e) On the Security tab, click the Advanced button
    f) Select the Auditing tab, and click Add
    g) Under User or Group, type in Everyone
    h) On the Object tab, select Success and Failure for access types Write All Properties, Read All Properties, Delete, and Delete Subtree

    Any thoughts as to why I am not seeing DNS events in the log?

    Kind Regards,

    Phil.


    Tuesday, May 24, 2016 1:37 PM
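
A way to check what the steps in the post depend on, as an added example that is not part of the original post: it reads the audit entries (SACL) on the zone object, shows the domain controller's directory service audit policy, and lists recent matching Security events. The zone name and domain DN are placeholders, and the subcategory names assume an English-language OS.

```powershell
# Added example, not from the original post. Run elevated on a domain controller
# with an account that holds "Manage auditing and security log" (needed to read a SACL).
Import-Module ActiveDirectory

$ZoneName = 'example.com'          # placeholder: the DNS zone being audited
$DomainDN = 'DC=example,DC=com'    # placeholder: the domain's distinguished name
$ZoneDN   = "DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"

# 1. Audit entries on the zone object. DNS records are dnsNode child objects of
#    the zone, so InheritanceType shows whether an entry also covers the records.
$acl = Get-Acl -Path "AD:\$ZoneDN" -Audit
$acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount]) |
    Select-Object IdentityReference, AuditFlags, ActiveDirectoryRights,
                  InheritanceType, IsInherited |
    Format-Table -AutoSize

# 2. Effective audit policy on this DC. A SACL only produces Security log events
#    when the matching subcategory is set to audit Success and/or Failure.
foreach ($sub in 'Directory Service Access', 'Directory Service Changes') {
    auditpol /get /subcategory:"$sub"
}

# 3. Recent directory service audit events:
#    4662 = operation performed on an object (Directory Service Access)
#    5136 = object modified, 5137 = object created, 5141 = object deleted
#    (Directory Service Changes)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662, 5136, 5137, 5141 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

With several domain controllers, run the event query on the one the DNS console was connected to, since the event is written where the change was made.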

Answers