DNS log cleanup on domain controllers

Hi All,
I’m seeking advice on managing DNS logs on domain controllers where DNS is configured directly. Specifically, how are you handling DNS log cleanup? According to Rapid7 documentation, the log folder should be on the C: drive of the DNS server, and a scheduled task should clean up logs after two days to prevent the drive from reaching capacity. What methods are you using for this cleanup? Are you utilizing a service account for the scheduled task on the DCs?
Thank you!

Hello mthomas,

I am doing what Rapid7 recommends with the log folder that is cleaned up with a scheduled task for DNS logs. It runs as a specific service account with only rights to delete files on that folder. It was set to do a clean-up every 2 days, but it was starting to fill up the C drive on the DC, so I scaled it back to just one day.

Ultimately, it doesn’t matter, since in IDR, for the DNS Event Source, you can scan it every 30 seconds for changes in that file folder, so the cleanup can be set up to operate even quicker than a day.

Let me know if you have any other questions or if this all helps.

-Noah
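
A cleanup script of the kind the scheduled task in this thread could run, as an added example that is not from either poster or from Rapid7's documentation. The folder path `C:\DNSLogs`, the `*.log` pattern and the parameter names are assumptions; the 24-hour default mirrors the one-day interval mentioned in the reply above.

```powershell
# Added example: prune DNS log files older than a retention window.
# Assumptions (not from the thread): folder path, *.log pattern, parameter names.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$LogFolder      = 'C:\DNSLogs',   # placeholder path, set to your DNS log folder
    [string]$Filter         = '*.log',        # assumed file pattern
    [int]   $RetentionHours = 24              # one day, as in the reply above
)

$ErrorActionPreference = 'Stop'

# Refuse to run against a file or a drive root, so a bad parameter cannot wipe C:\.
$folder = Get-Item -LiteralPath $LogFolder
if (-not $folder.PSIsContainer -or $folder.FullName -eq $folder.Root.FullName) {
    throw "Refusing to clean '$LogFolder': not a dedicated log folder."
}

$cutoff = (Get-Date).AddHours(-$RetentionHours)

# Top level only (no -Recurse): a junction placed inside the folder
# must not be able to redirect deletions to another location.
$files = @(Get-ChildItem -LiteralPath $folder.FullName -Filter $Filter -File |
    Sort-Object LastWriteTime -Descending)

# Always keep the newest file; it is assumed to be the one DNS is still writing.
$candidates = @($files | Select-Object -Skip 1 |
    Where-Object { $_.LastWriteTime -lt $cutoff })

$deleted = 0; $failed = 0
foreach ($f in $candidates) {
    try {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
            Remove-Item -LiteralPath $f.FullName -Force
            $deleted++
        }
    } catch {
        # Locked or access-denied files are reported, not fatal.
        $failed++
        Write-Warning "Could not delete $($f.FullName): $($_.Exception.Message)"
    }
}

Write-Output "Cutoff $cutoff : deleted $deleted, failed $failed, kept $($files.Count - $deleted)."
if ($failed -gt 0) { exit 1 }   # non-zero result shows up in Task Scheduler history
```

Run it once with `-WhatIf` to see what would be deleted before attaching it to the scheduled task.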