Rogue DNS - What events are generated?

  • Thread starter: rz4075

rz4075

What events would be generated on a DNS server or within AD if another
rogue DNS device was introduced into the network?

Just trying to start querying for events to quickly address this should
it become an issue.
 
> What events would be generated on a DNS server or within AD if another
> rogue DNS device was introduced into the network?

None if DNS is properly configured.

It would be entirely irrelevant if that were the
only issue.

A DNS server is ONLY used if the clients are
set to use it, a DNS server forwards to it, or
a parent domain delegates to it.

Additional DNS servers don't really matter and
would probably not be called "rogue" (unlike
DHCP where rogue servers interfere.)

> Just trying to start querying for events to quickly address this should
> it become an issue.

If you are network monitoring, just filter for DNS
requests to ALL BUT your own (official)
DNS servers.

Port 53 for both UDP and TCP.
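
The filter described in the reply above, sketched as an added example that is not part of the original thread: it counts UDP/TCP port 53 flows whose destination is not an official DNS server. The flow-log format, the server addresses and the sample lines are constructed, and skipping flows that originate from the official servers themselves (forwarding or recursion) is an assumption of this example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: addresses of the sanctioned DNS servers (constructed values).
OFFICIAL_DNS = {ipaddress.ip_address(a) for a in ("10.0.0.10", "10.0.0.11")}

# Constructed flow-log format: "<time> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample records, including one malformed line.
SAMPLE_LOG = """\
2024-01-01T09:00:01 UDP 10.0.1.25:51514 -> 10.0.0.10:53
2024-01-01T09:00:02 UDP 10.0.1.31:49822 -> 10.0.1.99:53
2024-01-01T09:00:03 TCP 10.0.1.31:49830 -> 10.0.1.99:53
2024-01-01T09:00:04 UDP 10.0.0.10:53211 -> 198.51.100.7:53
2024-01-01T09:00:05 TCP 10.0.1.25:50100 -> 10.0.0.11:443
2024-01-01T09:00:06 UDP 10.0.1.40:40000 -> 203.0.113.53:53
not a flow record
"""

def unofficial_dns_flows(log_text, official=OFFICIAL_DNS):
    """Count port-53 flows (UDP or TCP) whose destination is not an official server."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a flow record
        if m["proto"].upper() not in ("UDP", "TCP") or int(m["dport"]) != 53:
            continue  # not DNS traffic
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # address field is not a valid IPv4 address
        if dst in official or src in official:
            continue  # client -> official server, or official server querying outward
        hits[(str(src), str(dst))] += 1
    return hits

if __name__ == "__main__":
    for (src, dst), n in sorted(unofficial_dns_flows(SAMPLE_LOG).items()):
        print(f"{src} -> {dst}: {n} DNS flow(s) to a non-official server")
```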
 