DNS Server Logs
Overview
Evidence: DNS Server Logs
Description: Collect DNS Server Logs
Category: Applications
Platform: windows
Short Name: dnsl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
DNS Server logs record domain name resolution queries and responses. DNS logging captures which domains were queried, by whom, and when, providing visibility into network communication patterns.
Data Collected
This collector gathers structured data about DNS server logs.
Collection Method
This collector gathers DNS server log files from the Windows DNS directory, including active and backup logs containing query records.
Forensic Value
DNS logs are crucial for detecting command and control communications, data exfiltration via DNS tunneling, malicious domain lookups, and DGA-based malware. They reveal network reconnaissance and lateral movement attempts.
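
Because the collector does not parse these files, triage happens after collection. The following is an added example, not part of the collector or the product: it assumes the collected files are Windows DNS debug logs in the text `PACKET` line layout, and the function names, sample lines and thresholds are hypothetical. It groups inbound queries by client and parent domain and flags the tunneling pattern of many distinct names carrying long labels.

```python
import re
from collections import defaultdict

# One PACKET line of the Windows DNS debug log (layout assumed; the timestamp
# prefix is locale-dependent, so the pattern anchors on the PACKET keyword).
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(Snd|Rcv)\s+(\S+)\s+[0-9A-Fa-f]{4}\s+"
    r"(R)?\s*\w\s+\[.*?\]\s+(\S+)\s+(\(\d+\)\S*)\s*$"
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
DNS Server log file creation at 6/5/2024 10:00:00 AM
6/5/2024 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv 10.0.0.21   5b47   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2024 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd 10.0.0.21   5b47 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2024 10:01:02 AM 0E70 PACKET  0000000003339810 UDP Rcv 10.0.0.37   1a02   Q [0001   D   NOERROR] TXT    (40)00112233445566778899aabbccddeeff01234567(1)t(7)example(3)net(0)
6/5/2024 10:01:03 AM 0E70 PACKET  0000000003339820 UDP Rcv 10.0.0.37   1a03   Q [0001   D   NOERROR] TXT    (40)fedcba98765432100123456789abcdef89abcdef(1)t(7)example(3)net(0)
6/5/2024 10:01:04 AM 0E70 PACKET  0000000003339830 UDP Rcv 10.0.0.37   1a04   Q [0001   D   NOERROR] TXT    (40)a1b2c3d4e5f60718293a4b5c6d7e8f9001122334(1)t(7)example(3)net(0)
"""

def parse_queries(text):
    """Yield (client_ip, qtype, fqdn) for each received query; skip everything else."""
    for line in text.splitlines():
        m = PACKET_RE.search(line)
        if not m or m.group(1) != "Rcv" or m.group(3):  # keep inbound queries only
            continue
        labels = [l for l in re.findall(r"\(\d+\)([^()]*)", m.group(5)) if l]
        yield m.group(2), m.group(4), ".".join(labels).lower()

def tunnel_candidates(text, min_unique=50, min_label=30):
    """Group by (client, last two labels); flag many distinct names with long labels."""
    names = defaultdict(set)
    for client, _qtype, fqdn in parse_queries(text):
        names[(client, ".".join(fqdn.split(".")[-2:]))].add(fqdn)
    hits = {}
    for key, fqdns in names.items():
        longest = max(len(l) for f in fqdns for l in f.split("."))
        if len(fqdns) >= min_unique and longest >= min_label:
            hits[key] = {"unique_names": len(fqdns), "longest_label": longest}
    return hits

if __name__ == "__main__":
    # The sample is tiny, so the unique-name threshold is lowered for the demo.
    print(tunnel_candidates(SAMPLE_LOG, min_unique=3))
```

Grouping on the last two labels is a simplification that misgroups names under multi-label public suffixes; tune both thresholds against a baseline of the server's normal traffic.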