Enable DNS Request Logging for Windows 2003 and above

Domain Name System (DNS) Request Logging allows IT personnel  (e.g., administrator) to locate a workstation or server, which is accessing malicious URL's or displaying Botnet (zombie) commands and control activity. These logs are captured and reported by our SecureSurf® network-level filtering feature.

DNS Request Logging is applicable for the following Windows Servers:

  2003, 2003 R2, 2008, 2008 R2, 2012, & 2012 R2

Procedure:

1. Open the Domain Name System Microsoft Management Console (DNS MMC) snap-in by going to Start, Programs, Administrative Tools, and then DNS Manager.
2. From the DNS Server, right-click the server and select the Properties submenu.
3. The Properties pop-window will appear on your screen.
4. Select the Debug Logging tab and the Log packets debugging check box, respectively.
5. Ensure that the Incoming, UDP, Queries/Transfers, and Request check boxes are selected. 
(NOTE: To ensure that the server's drive does not exceed capacity, it is recommended that the file be placed on a drive with enough space with a max file size between 500MB and 1GB.)
6. Click the OK button. 

Key Words: CTN & Critical Threat Notification

Add Feedback