Any audit option to monitor who/when DNS records get deleted?

Posted by Marlon Brown on February 12, 2007, 12:25 pm
Win2003 AD, DNS-ADI servers.

For the second time, a certain A host 'disappears' from the DNS server. No
administrator took responsibility for the deletion.

Is there any way to track when and how DNS entries are deleted from the DNS
servers? In my case I have only two DNS-ADI servers. I have a total of 6
administrators with rights for deleting DNS records.



Posted by Mark Burnett on February 12, 2007, 12:46 pm
From the DNS management console, using the DNS server properties, you can
use the advanced security options to set auditing. That way you will get an
event log entry when someone changes a setting.

You might also be able to set NTFS auditing on the DNS zone file or auditing
on the zone registry keys, depending on how you have it set up. In fact, you
could even set file auditing on the icon shortcut itself to see who is
clicking on it.


Mark Burnett
http://xato.net



> Win2003 AD, DNS-ADI servers.
>
> For the second time, a certain A host 'disappears' from the DNS server.
> No administrator took responsibility for the deletion.
>
> Is there any way to track when and how DNS entries are deleted from the
> DNS servers? In my case I have only two DNS-ADI servers. I have a total of 6
> administrators with rights for deleting DNS records.
>


Posted by Roger Abell [MVP] on February 14, 2007, 7:34 am
Note that further considerations would apply if the DNS
zone is AD integrated, in which case the auditing would
need to be set on the DNS objects in AD.

> Win2003 AD, DNS-ADI servers.
>
> For the second time, a certain A host 'disappears' from the DNS server.
> No administrator took responsibility for the deletion.
>
> Is there any way to track when and how DNS entries are deleted from the
> DNS servers? In my case I have only two DNS-ADI servers. I have a total of 6
> administrators with rights for deleting DNS records.
>
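
An added example, not part of the original thread or any poster's own code: one way to apply the AD object auditing mentioned above is to add an audit entry (SACL) to the zone object. It assumes a management host with the ActiveDirectory PowerShell module, a constructed zone name `corp.example`, a zone stored in the DomainDnsZones partition, and the "Audit directory service access" policy already enabled on the domain controllers.

```powershell
# Added example (not from the thread): audit changes to records in an
# AD-integrated DNS zone by placing an audit entry on the zone object.
# Assumptions: ActiveDirectory module present; account may manage auditing;
# the zone name below is a constructed placeholder.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$zoneName = 'corp.example'   # constructed sample zone name
$domainDn = (Get-ADDomain).DistinguishedName

# Assumed location: DomainDnsZones partition. A zone can instead live under
# DC=ForestDnsZones,... or CN=MicrosoftDNS,CN=System,<domain DN>.
$zoneDn = "DC=$zoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$path   = "AD:\$zoneDn"
if (-not (Test-Path -Path $path)) { throw "Zone object not found: $zoneDn" }

# Read the security descriptor including its audit entries (SACL).
$acl = Get-Acl -Path $path -Audit

# Audit successful deletes and attribute writes by any principal.
# WriteProperty is included because a removed record is usually first
# marked dNSTombstoned on its dnsNode object rather than deleted outright.
$rights   = [System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteChild, DeleteTree, WriteProperty'
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
    $everyone, $rights,
    [System.Security.AccessControl.AuditFlags]::Success,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# Confirm the entry is present and inherits to the record (dnsNode) objects.
$sidType = [System.Security.Principal.SecurityIdentifier]
(Get-Acl -Path $path -Audit).GetAuditRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' } |
    Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType
```

Matching events are written to the Security log of the domain controller that processed the change.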


