The Windows 2012 DNS Server must be configured to record, and make available to authorized personnel, who added/modified/deleted DNS zone information.

An XCCDF Rule

Description

<VulnDiscussion>Without a means for identifying the individual that produced the information, the information cannot be relied upon. Identifying the validity of information may be delayed or deterred. This requirement ensures organizational personnel have a means to identify who produced or changed specific information in transfers, zone information, or DNS configuration changes.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-215648r561297_rule
Severity: Medium
References: CCI-000366 CCI-001902
Updated: about 1 year ago

Log on to the DNS server using the Domain Admin or Enterprise Admin account or Local Administrator account.

If not automatically started, initialize the “Server Manager” window by clicking its icon from the bottom left corner of the screen.

On the opened “Server Manager” window, from the left pane, click to select “DNS”.
From the right pane, under the “SERVERS” section, right-click the DNS server.

From the displayed context menu, click the “DNS Manager” option.

Click on the “Event Logging” tab.

Select the "Errors and warnings" or "All events" option.

Click on “Apply”.

Click on “OK”.

The Windows 2012 DNS Server must be configured to record, and make available to authorized personnel, who added/modified/deleted DNS zone information.

Description

Remediation - Manual Procedure