The Windows DNS Server log must be enabled.

An XCCDF Rule

Description

<VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. The actual auditing is performed by the operating system/network device manager, but the configuration to trigger the auditing is controlled by the DNS server.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259337r960879_rule
Severity: Medium
References: CCI-000169
Updated: 17 days ago

Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account.

Press the Windows key + R and execute "dnsmgmt.msc".

Right-click the DNS server and select "Properties".
Click the "Event Logging" tab. By default, all events are logged.

Select the "Errors and warnings" or "All events" option.

Click "Apply".

Click "OK".

The Windows DNS Server log must be enabled.

Description

Remediation - Manual Procedure