Configure Windows Domain Name Server
If you're using TA-Windows version 6.0.0 or later, you don't need TA_AD and TA_DNS. Both add-ons are merged into TA-Windows as of version 6.0.0.
Enable DNS debug logging
If you want detailed DNS server statistics, enable debug logging on your DNS servers by following the instructions for your operating system:
- For Windows Server 2008 R2 or later, see "Select and enable debug logging options on the DNS server" on MS TechNet. The article is labeled for the Windows Server 2003 family of operating systems, but the procedure is the same on Windows Server 2008 R2 and later.
Impact of DNS debug logging on performance and license usage
When you enable debug logging on your DNS servers, you must consider the following caveats:
- If you enable DNS server debug logging, individual DNS server performance decreases significantly.
- Debug logging generates significant amounts of data that might exhaust disk space on your DNS servers, which can potentially cause downtime. You must watch and rotate your DNS server logs to prevent disk capacity issues from occurring.
- Debug logging also greatly increases the overall amount of data indexed by the Splunk App for Windows Infrastructure. Ensure that you have a Splunk license that can accommodate the additional indexing volume.
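One way to act on the disk-space caveat when turning debug logging on, as an added example that is not part of the Splunk documentation. It assumes Windows Server 2012 or later, where the DnsServer PowerShell module is available; the log path, size cap, free-space floor and selected packet options are illustrative assumptions.

```powershell
# Added example, not from the Splunk documentation.
# Assumes Windows Server 2012 or later (DnsServer module) and an elevated session.
Import-Module DnsServer

$LogPath     = 'D:\DNSLogs\dns.log'  # assumed path; keep it off the system volume
$MaxLogBytes = 500000000             # the cmdlet reads MaxMBFileSize in bytes
$MinFreeGB   = 5                     # assumed free-space floor once the log is full

# Report whether the log volume keeps $MinFreeGB free after the log reaches its cap.
function Test-DnsLogVolume {
    param([string]$Path, [uint32]$MaxBytes, [double]$MinFreeGB)
    $name  = (Split-Path -Path $Path -Qualifier).TrimEnd(':')
    $drive = Get-PSDrive -Name $name -PSProvider FileSystem
    $freeAfterGB = [math]::Round(($drive.Free - $MaxBytes) / 1GB, 1)
    [pscustomobject]@{
        Drive       = $drive.Name
        FreeAfterGB = $freeAfterGB
        Ok          = ($freeAfterGB -ge $MinFreeGB)
    }
}

$check = Test-DnsLogVolume -Path $LogPath -MaxBytes $MaxLogBytes -MinFreeGB $MinFreeGB
if (-not $check.Ok) {
    throw "Drive $($check.Drive): only $($check.FreeAfterGB) GB would remain; not enabling debug logging."
}

# Create the log directory if it does not exist yet.
New-Item -ItemType Directory -Path (Split-Path -Path $LogPath -Parent) -Force | Out-Null

# Enable file logging with a size cap. The packet options below are an assumed
# selection covering direction, transport, contents and type.
Set-DnsServerDiagnostics -EnableLoggingToFile $true -LogFilePath $LogPath `
    -MaxMBFileSize $MaxLogBytes `
    -SendPackets $true -ReceivePackets $true `
    -UdpPackets $true -TcpPackets $true `
    -Queries $true -QuestionTransactions $true -Answers $true

# Confirm what the server actually applied.
Get-DnsServerDiagnostics |
    Select-Object EnableLoggingToFile, LogFilePath, MaxMBFileSize, Queries, Answers
```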
After configuring the Windows DNS servers for debug logging, install a universal forwarder on the DNS server and deploy the Splunk Add-on for Windows DNS onto the client. See Deploy the Splunk Add-on for Windows DNS to learn how.
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4