diff --git a/tools/config/elk-windows.yml b/tools/config/elk-windows.yml
index a5b6af2f..8f77de58 100644
--- a/tools/config/elk-windows.yml
+++ b/tools/config/elk-windows.yml
@@ -17,3 +17,8 @@ logsources:
     service: sysmon
     conditions:
       EventLog: Microsoft-Windows-Sysmon
+  windows-dns-server:
+    product: windows
+    service: dns-server
+    conditions:
+      EventLog: 'DNS Server'
diff --git a/tools/config/logpoint-windows-all.yml b/tools/config/logpoint-windows-all.yml
index a80cf3f1..1a0668b4 100644
--- a/tools/config/logpoint-windows-all.yml
+++ b/tools/config/logpoint-windows-all.yml
@@ -9,6 +9,11 @@ logsources:
     service: system
     conditions:
       event_source: 'Microsoft-Windows-Security-Auditing'
+  windows-dns-server:
+    product: windows
+    service: dns-server
+    conditions:
+      event_source: 'DNS Server'
 fieldmappings:
   EventID: event_id
   FailureCode: result_code
diff --git a/tools/config/splunk-windows-all.yml b/tools/config/splunk-windows-all.yml
index 31811c72..da775c9f 100644
--- a/tools/config/splunk-windows-all.yml
+++ b/tools/config/splunk-windows-all.yml
@@ -28,11 +28,16 @@ logsources:
     product: windows
     service: powershell-classic
     conditions:
-      source: 'Windows PowerShell'
+      source: 'Windows PowerShell'
   windows-powershell:
     product: windows
     service: taskscheduler
     conditions:
       source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
+  windows-dns-server:
+    product: windows
+    service: dns-server
+    conditions:
+      source: 'DNS Server'
 fieldmappings:
   EventID: EventCode
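Review bot: The new `windows-dns-server` entry in elk-windows.yml binds Sigma's `dns-server` service to the classic "DNS Server" channel only, and nothing in the file records that scope; a comment above `windows-dns-server:` such as `# classic "DNS Server" event log (service/zone/plugin events); the Microsoft-Windows-DNSServer/Analytical query-logging channel is not covered` would stop the next contributor from pointing query-logging rules at this service. The same documentation gap applies to the matching entries added in logpoint-windows-all.yml and splunk-windows-all.yml. The `EventLog` value is quoted while the neighbouring `Microsoft-Windows-Sysmon` is plain; both parse as strings, so this is only a matter of keeping one style in the file.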
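Review bot: `event_source: 'DNS Server'` is a channel name, whereas the neighbouring entry's `event_source: 'Microsoft-Windows-Security-Auditing'` is a provider name, so the two conditions do not appear to key on the same attribute of the normalised event. Windows writes DNS Server log entries under the provider `Microsoft-Windows-DNS-Server-Service`; if Logpoint's `event_source` carries the provider, every rule using `service: dns-server` would silently match nothing, which is a worse failure mode for a detection config than a parse error. Confirm against a real DNS Server event in Logpoint before merging and, if the provider is what is stored, change the line to `event_source: 'Microsoft-Windows-DNS-Server-Service'`.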
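Review bot: `source: 'DNS Server'` lacks the `WinEventLog:` prefix that the neighbouring TaskScheduler entry uses (`source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'`); the Splunk Add-on for Windows sets `source` to `WinEventLog:<channel>` for event-log inputs, so the generated search would likely return nothing. Unless this deployment is known to strip the prefix, the line should read `source: 'WinEventLog:DNS Server'`; the `powershell-classic` line touched in the same hunk has the same bare form, although only its whitespace changes here. Separately, the pre-existing context key `windows-powershell` wrapping `service: taskscheduler` looks like a copy-paste leftover, and if an earlier `windows-powershell` key exists in the file, YAML's last-wins handling of duplicate keys would silently drop one of the two mappings; worth a follow-up outside this commit.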