none
Log DNS record Creation / deletion events RRS feed

  • Question

  • Hi Team,

    we have 24 Domain controllers on different geographical location. all DC are windows 2012 R2 DC with Ad integrated DNS servers.

    we are looking a solution to save any DNS host record changes (like Host a record creation deletion or modification). please let me know better Auditing procedure to implement the same. also let us know what is the better sizing event log file size for windows 2012 without impacting the performance and much space utilization on domain controllers.

    Also this kind of logs will falls on which category ? like  security log under event viewer or  DNS  debugging path location ?

    Regards

    Baiju

    Wednesday, April 17, 2019 6:31 AM

All replies

  • Hi,

    DNS audit will record creation deletion or modification of DNS records.

    Event viewer>Applications and Services logs>Microsoft>windows>DNS-Server>Audit

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, April 18, 2019 1:26 AM
  • Thnak you for your reply.

    but we cannot see DNS -Server component  under Event viewer>Applications and Services logs>Microsoft>windows. 

    let us know how to enable dns component under Event viewer>Applications and Services logs>Microsoft>windows. 

    Regards

    Baiju Mathew

    Monday, April 22, 2019 1:55 AM
  • Hi,

    If you can't see DNS-server component, I would suggest you enable DNS record auditing manually.

    Please refer to the link below:

    https://blogs.technet.microsoft.com/askpfeplat/2013/10/12/who-moved-the-dns-cheese-auditing-for-ad-integrated-dns-zone-and-record-deletions/ 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 22, 2019 8:27 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, April 23, 2019 7:10 AM
  • its the same case for all Domain controllers. so we need to enable  DNS record auditing manually for all domain controllers ? or its a bug and any of the patch will resolve this issue ?
    Wednesday, April 24, 2019 1:35 AM
  • Hi,

    Yes, I find a hotfix for Windows 2012 r2.

    Please refer to the link below:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800669(v=ws.11)  

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, April 24, 2019 7:52 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 2, 2019 5:22 AM
  • hi, Sorry for the delayed response. i was able to see the DNS server Audit now. i have one more question regarding DNS.log file size. for windows 2012 AD integrated domain controller what will be the maximum file size without much impact on the DC?. as we need to back up the DNS .log file regularly. so do we need to dependent on third party or is there nay alternate way to backup dns . log files regularlry from all Domain Controllers ? . we we have 24 AD integrated Dns servers.
    Thursday, June 6, 2019 9:08 AM
  • Hi,

    Do you mean debug logging or event logging?

    Log files do not affect DCs because they are stored on the local. 

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, June 6, 2019 9:46 AM