Enabling DNS Server Debug Logging

March 27, 2010 1 Comment

Problem

You want to enable DNS debug logging to troubleshoot issues related to DNS queries or updates.

Solution

Using a graphical user interface

  1. From the Administrative Tools, open the DNS Management snap-in.

  2. Connect to the DNS Server you want to modify. In the left pane, right-click on DNS and select “Connect to DNS Server.” Select “The following computer” and enter the target server name. Click OK.

  3. Right-click on the server and select Properties.

  4. Click on the Debug Logging tab (or the Logging tab in Windows 2000).

  5. Select what you want to log and the location of the logfile (in Windows 2000, the logfile location is hardcoded to %systemroot%\system32\dns\dns.log).

  6. Click OK.

Using a command-line interface

Use the following four commands to enable debug logging. For the log level, you have to add together the event codes you want logged and specify the result in hex. The available event codes can be found in Table 14-3.

	> dnscmd <ServerName> /Config /LogLevel <EventFlagSumInHex>

Use the following command to specify the location of the logfile:

	> dnscmd <ServerName> /Config /LogFilePath <DirectoryAndFilePath>

Use the following command to log only entries that pertain to certain IP addresses:

	> dnscmd <ServerName> /Config /LogIPFilterList <IPAddress1>[,<IPAddress2>…]

Use the following command to specify the maximum logfile size:

	> dnscmd <ServerName> /Config /LogFileMaxSize <NumberOfBytesInHex>

Use the following command to disable debug logging:

	> dnscmd <ServerName> /Config /LogLevel 0

Using VBScript
	' This code enables  
DNS debug logging.
	' ------ SCRIPT CONFIGURATION -------
	strServer = "<ServerName>" ' e.g. dc1
	' The log level must be in decimal, not hex like dnscmd
	intLogLevel = <EventFlagSumInDecimal> ' e.g. 65535
	arrFilterList = Array("<IPAddress1>") ' e.g. 192.168.1.12
	strFilePath = <DirectoryAndFilePath> ' e.g. c:\dnslog.txt
	intFileSize = <NumberOfBytesInDecimal> ' e.g. 50000000
	' ------ END CONFIGURATION ---------

	set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
	set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
	objDNSServer.LogLevel = intLogLevel
	objDNSServer.LogIPFilterList = arrFilterList

	 
objDNSServer. 
LogFilePath = strFilePath
	objDNSServer.LogFileMaxSize = intFileSize
	objDNSServer.Put_
	WScript.Echo "Enabled DNS  
Debug Logging on " & strServer

	' To disable  
debug logging, set the intLogLevel variable to 0

Discussion

With the DNS Server debug log, you can record all DNS operations received and initiated by the server, including queries, updates, zone transfers, etc. If you need to troubleshoot a particular host, you can use the LogIPFilterList setting in dnscmd or the WMI DNS Provider to restrict the log to operations performed only for or by that host.

The most important debug log setting is the log level. With the DNS snap-in, you can select from a list of available options. With Windows Server 2003, the DNS snap-in provides an intuitive interface for selecting the required options. On Windows 2000, you are presented with a list of checkboxes and you have to figure out which ones need to be used in conjunction with one another. You have a similar issue with CLI and VBScript solutions, where you need to determine what log level you want to set.

Table contains all of the event codes with their hexadecimal and decimal values.

Table . DNS debug logging event codes
Hexadecimal value Decimal value Descriptions
0×0 0 No logging. This is the default.
0×1 1 Query transactions.
0×10 16 Notifications transactions.
0×20 32 Update transactions.
0xFE 254 Nonquery transactions.
0×100 256 Question packets.
0×200 512 Answer packets.
0×1000 4096 Send packets.
0×2000 8192 Receive packets.
0×4000 16384 UDP packets.
0×8000 32768 TCP packets.
0xFFFF 65535 All packets.
0×10000 65536 AD write transactions.
0×20000 131072 AD update transactions.
0×1000000 16777216 Full packets.
0×80000000 2147483648 Write-through transactions.

DNS debug logging can come in handy if you want to look at the dynamic update requests a particular DNS Server is processing. For example, if a client or DHCP server is attempting to dynamically register records, you can enable the Update Transactions log category on the DNS Server you think should be processing the updates. If you don’t see any update transactions, this can indicate that another server is processing the dynamic update requests.

Filed under Active Directory, Server, System Information Tagged with

About ignitedsoul
Hello Everyone, I am a IT Analyst and have a experience of around 5 years, If anyone has any questions, comments or issues, please contact me in the first instance and I will handle your query. Thank you, Ignited Soul

One Response to Enabling DNS Server Debug Logging

  1. Pingback: 2010 in review « IgNiTeD SoUL

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 57 other followers