Addressing the Cluster that is AD DNS Logging Using Graylog and a Custom Plugin

Hosted by Jim Nitterauer (Director, Information Security in Engineering)

Microsoft AD DNS has the ability to log all query data. Unfortunately, the format of those log entries is pretty heinous, and configuring all the useful features requires a bit of PowerShell wizardry. This is unfortunate, as local DNS logs can reveal a huge amount of useful data, including signs of misconfigured DNS as well as end-user device compromise. Getting your DNS data into a useful format should not be difficult, and with Graylog, a custom plugin and a few Windows tricks, it's not. This talk will cover the basic configuration of AD DNS for logging and shipping those logs to Graylog, as well as some best practices for gaining insight into your local DNS traffic. This video is part of Graylog GO 2021.