Custom InTrust add-in for reporting on DNS debug logs

Hello InTrust Users,

 

I'm pleased to announce the availability of another custom InTrust add-in extending the product reach to new types of logs. This add-in continues a series of out of band solutions we make available to the InTrust customers outside of the official product release.

 

This time it's the add-in that let's you collect debug logs generated by Microsoft DNS servers. The add-in can be downloaded from the compliance community at this link.

 

There are several use cases when collecting and reporting against this log may come handy:

 

1. Detecting rogue DNS servers. DNS servers play a critical role in the modern network utilizing Active Directory as the identity store. It's critical to ensure that all specially created DNS SRV records eventually resolve to the IP addresses of domain controllers set up for the clients in the designated network segment. The report included into the add-in gives visibility into DNS queries and responses returned to the respective clients. You can use this report to check if there any rogue DNS servers in place that may compromise your network.

 

2. Ensuring load balancing of client requests against DNS servers. Using the pre-defined reports included into the add-in you can analyze how often particular DNS servers respond to client requests and how it compares to other servers in the same network location. This will give you an idea how well balanced the DNS servers are across the clients they serve.

 

The installation procedure for the custom add-in is described in the readme file included in the package. Please note that before using the add-in you have to enable the DNS debug log on the servers you want to include into the reports.

 

Please let us know how useful you found this custom add-in and what you think can be added and improved to make it more valuable for real life

 

Disclaimer:

 

1. The solution is not supported through Quest support organization.
2. The solution is provided as is and may only be used at customer’s own risk
3. The solution is given away for free and can only be used in conjunction with Quest InTrust product subject to the validity of its maintenance contract and license compliance
4. Everyone who gets to install and use the solution is encouraged to share his/her feedback with the community. The more feedback the product team gets the higher are the chances that the solution will become an integral part of the official product package and will be officially supported in the future.

 

Thank you,
Alexey Korotich,
Product Manager, Quest InTrust

About the Author