Enable DNS Request Logging for Windows 2003 and above

Domain Name System (DNS) Request Logging allows IT personnel  (e.g., administrator) to locate a workstation or server, which is accessing malicious URL's or displaying Botnet (zombie) commands and control activity. These logs are captured and reported by our SecureSurf® network-level filtering feature.
 
 
DNS Request Logging is applicable for:
 
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Procedure:

1. Open the Domain Name System Microsoft Management Console (DNS MMC) snap-in by going to Start, Programs, Administrative Tools, and then DNS Manager.
2. From the DNS Server, right-click the server and select the Properties submenu.



3. The Properties pop-window will appear on your screen.
4. Select the Debug Logging tab and the Log packets debugging check box, respectively.
5. Ensure that the Incoming, UDP, Queries/Transfers, and Request check boxes are selected.
 
NOTE: To ensure that the server's drive does not exceed capacity, it is recommended that the file be
placed on a drive with enough space with a max file size between 500MB and 1GB.



6. Click the OK button. 
 
 
Key Words:
CTN
Critical Threat Notification

Add Feedback