Audit DNS lookups on Windows 2003
08-19-2003 08:58 AM
I want to audit who is doing DNS lookups on some/all records in a zone.
Scenario: We are moving to a new DNS suffix called new.com. Our old zone old.com shouldn't be in use and no lookups should be made towards that zone, but we want to make sure no servers or clients are doing lookups to old.com. Can this be done?
It's even possible to turn on Audit on each and every record, but when I do nslookup from our clients, nothing is found in the Security log. However, if I open the A-record in DNS-admin/change it/whatever, it is logged in the Security logs.
Any other ideas about this except just deleting old.com and hoping for the best? ;)
08-19-2003 11:55 AM
Re: Audit DNS lookups on Windows 2003
You could also use Snort, which is a free intrusion detection program, and tell it to look for DNS access attempts to the old server.
www.snort.org.
You could also run windump/tcpdump on the old DNS and let it monitor all incoming traffic.
Ron
08-21-2003 09:47 PM
Re: Audit DNS lookups on Windows 2003
But in the end I have ONE server that serves both old.com and new.com. We want old.com to be removed but don't know which servers still query that zone. I want to monitor which servers ask the DNS server for old.com but NOT new.com.
I guess I could set up snort/tcpdump and then output everything to a file and do some filtering, but I was wondering if there's an easier way ;)
05-06-2004 10:41 PM
Solution
You can use the DNS Debug logging from the properties of your Windows 2003 DNS Server snap-in and choose what kind of packets you want to log (update, query, notifications, tcp, udp, request, response, etc.)
Watch out for the log file size, it tends to grow really fast.
Hope this helps you...
Luca
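
Added example (not part of the original thread): a Python filter that reads DNS debug log text and counts, per client IP, the received queries for names inside one zone such as old.com. The log line layout and the sample lines are constructed assumptions; the exact columns and date format differ between Windows versions, so adjust the regular expression to match your own log.

```python
import re
from collections import Counter

# Constructed sample lines in the general shape of a Windows DNS debug log
# (assumed layout; column spacing and date format differ between versions).
SAMPLE_LOG = """\
8/19/2003 8:58:12 AM 0A4 PACKET  00C5B2F0 UDP Rcv 10.0.0.5    0002   Q [0001   D   NOERROR] A      (3)www(3)old(3)com(0)
8/19/2003 8:58:12 AM 0A4 PACKET  00C5B2F0 UDP Snd 10.0.0.5    0002 R Q [8085 A DR  NOERROR] A      (3)www(3)old(3)com(0)
8/19/2003 8:58:13 AM 0A4 PACKET  00C5C100 UDP Rcv 10.0.0.7    0003   Q [0001   D   NOERROR] A      (4)mail(3)new(3)com(0)
8/19/2003 8:58:14 AM 0A4 PACKET  00C5C200 UDP Rcv 10.0.0.9    0004   Q [0001   D   NOERROR] MX     (3)OLD(3)com(0)
8/19/2003 8:58:15 AM 0A4 PACKET  00C5C300 TCP Rcv 10.0.0.5    0005   Q [0001   D   NOERROR] A      (3)ftp(3)old(3)com(0)
8/19/2003 8:58:16 AM 0A4 PACKET  00C5C400 UDP Rcv 10.0.0.8    0006   Q [0001   D   NOERROR] A      (3)www(7)old-com(3)net(0)
"""

# A received packet: optional packet id, protocol, "Rcv", client IP, query id,
# optional "R" response marker, "Q", flags in brackets, type, encoded name.
LINE_RE = re.compile(
    r"PACKET\s+(?:\S+\s+)?(?:UDP|TCP)\s+Rcv\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\S+\s+(?P<resp>R\s+)?Q\s+\[.*?\]\s+(?P<qtype>\S+)\s+"
    r"(?P<name>(?:\(\d+\)[^()\s]*)+)"
)

def decode_name(encoded):
    """Turn '(3)www(3)old(3)com(0)' into 'www.old.com'."""
    labels = re.findall(r"\(\d+\)([^()\s]*)", encoded)
    return ".".join(label for label in labels if label).lower()

def clients_querying(log_text, zone):
    """Count received queries per client IP for names inside `zone`."""
    zone = zone.lower().rstrip(".")
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("resp"):
            continue  # not a received packet line, or a response, not a query
        name = decode_name(m.group("name"))
        # Match the zone apex or a true subdomain, not look-alike names.
        if name == zone or name.endswith("." + zone):
            hits[m.group("ip")] += 1
    return hits

if __name__ == "__main__":
    for ip, count in clients_querying(SAMPLE_LOG, "old.com").most_common():
        print(ip, count)
```

Limiting debug logging to incoming queries keeps the file smaller, which matters given how fast it grows.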