UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Windows 2012 DNS Server log must be enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-58549 WDNS-AU-000005 SV-72979r3_rule Medium
Description
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. The actual auditing is performed by the OS/NDM, but the configuration to trigger the auditing is controlled by the DNS server.
STIG Date
Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide 2018-01-03

Details

Check Text ( C-59421r2_chk )
Log on to the DNS server using the Domain Admin or Enterprise Admin account.

Press Windows Key + R, execute dnsmgmt.msc.

Right-click the DNS server, select “Properties”.

Click on the “Event Logging” tab. By default, all events are logged.

Verify "Errors and warnings" or "All events" is selected.

If any option other than "Errors and warnings" or "All events" is selected, this is a finding.
Fix Text (F-63933r2_fix)
Log on to the DNS server using the Domain Admin or Enterprise Admin account.

Press Windows Key + R, execute dnsmgmt.msc.

Right-click the DNS server, select “Properties”.

Click on the “Event Logging” tab. By default, all events are logged.

Select the "Errors and warnings" or "All events" option.

Click on “Apply”.

Click “OK”.