STIGQter STIGQter: STIG Summary: Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 24 Jan 2020: The Windows 2012 DNS Server log must include the source of events within the log records.

DISA Rule

SV-72997r3_rule

Vulnerability Number

V-58567

Group Title

SRG-APP-000098-DNS-000009

Rule Version

WDNS-AU-000013

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the DNS server using the Domain Admin or Enterprise Admin account.

Press Windows Key + R, execute dnsmgmt.msc.

Right-click the DNS server, select Properties.

Click on the Event Logging tab. By default, all events are logged.

Select the "Errors and warnings" or "All events" option.

Click on Apply.

Click on OK.

For Windows 2012 R2 DNS Server, run eventvwr.msc at an elevated command prompt.

In the Event viewer, navigate to the applications and Services Logs\Microsoft\Windows\DNS Server.

Right-click DNS Server, point to View, and then click "Show Analytic and Debug Logs".

Right-click Analytical and then click on Properties.

Select the "Enable logging" check box.

Click on OK.

Check Contents

Log on to the DNS server using the Domain Admin or Enterprise Admin account.

Press Windows Key + R, execute dnsmgmt.msc.

Right-click the DNS server, select Properties.

Click on the Event Logging tab. By default, all events are logged.

Verify "Errors and warnings" or "All events" is selected.

If any option other than "Errors and warnings" or "All events" is selected, this is a finding.

For Windows 2012 R2 DNS Server, the Enhanced DNS logging and diagnostics in Windows Server 2012 R2 must also be enabled.

Run eventvwr.msc at an elevated command prompt.

In the Event viewer, navigate to the applications and Services Logs\Microsoft\Windows\DNS Server.

Right-click DNS Server, point to View, and then click "Show Analytic and Debug Logs".

Right-click Analytical and then click on Properties.

Confirm the "Enable logging" check box is selected.

If the check box to enable analytic and debug logs is not enabled on a Windows 2012 R2 DNS server, this is a finding.

Vulnerability Number

V-58567

Documentable

False

Rule Version

WDNS-AU-000013

Severity Override Guidance

Log on to the DNS server using the Domain Admin or Enterprise Admin account.

Press Windows Key + R, execute dnsmgmt.msc.

Right-click the DNS server, select Properties.

Click on the Event Logging tab. By default, all events are logged.

Verify "Errors and warnings" or "All events" is selected.

If any option other than "Errors and warnings" or "All events" is selected, this is a finding.

For Windows 2012 R2 DNS Server, the Enhanced DNS logging and diagnostics in Windows Server 2012 R2 must also be enabled.

Run eventvwr.msc at an elevated command prompt.

In the Event viewer, navigate to the applications and Services Logs\Microsoft\Windows\DNS Server.

Right-click DNS Server, point to View, and then click "Show Analytic and Debug Logs".

Right-click Analytical and then click on Properties.

Confirm the "Enable logging" check box is selected.

If the check box to enable analytic and debug logs is not enabled on a Windows 2012 R2 DNS server, this is a finding.

Check Content Reference

M

Target Key

2771

Comments