Enabling DNS Server Debug Logging

Posted: March 27, 2010 in Active Directory, Server, System Information


You want to enable DNS debug logging to troubleshoot issues related to DNS queries or updates.


Using a graphical user interface
  1. From the Administrative Tools, open the DNS Management snap-in.

  2. Connect to the DNS Server you want to modify. In the left pane, right-click on DNS and select “Connect to DNS Server.” Select “The following computer” and enter the target server name. Click OK.

  3. Right-click on the server and select Properties.

  4. Click on the Debug Logging tab (or the Logging tab in Windows 2000).

  5. Select what you want to log and the location of the logfile (in Windows 2000, the logfile location is hardcoded to %systemroot%\system32\dns\dns.log).

  6. Click OK.

Using a command-line interface

Use the following four commands to enable and configure debug logging. The first sets the log level: add together the event codes you want logged and specify the sum in hex. The available event codes are listed in Table 14-3.

	> dnscmd <ServerName> /Config /LogLevel <EventFlagSumInHex>

Use the following command to specify the location of the logfile:

	> dnscmd <ServerName> /Config /LogFilePath <DirectoryAndFilePath>

Use the following command to log only entries that pertain to certain IP addresses:

	> dnscmd <ServerName> /Config /LogIPFilterList <IPAddress1>[,<IPAddress2>…]

Use the following command to specify the maximum logfile size:

	> dnscmd <ServerName> /Config /LogFileMaxSize <NumberOfBytesInHex>

Use the following command to disable debug logging:

	> dnscmd <ServerName> /Config /LogLevel 0

Using VBScript
	' This code enables DNS debug logging.
	' ------ SCRIPT CONFIGURATION -------
	strServer = "<ServerName>" ' e.g. dc1
	' The log level must be in decimal, not hex like dnscmd
	intLogLevel = <EventFlagSumInDecimal> ' e.g. 65535
	arrFilterList = Array("<IPAddress1>") ' e.g.
	strFilePath = "<DirectoryAndFilePath>" ' e.g. c:\dnslog.txt
	intFileSize = <NumberOfBytesInDecimal> ' e.g. 50000000
	' ------ END CONFIGURATION ---------

	' Connect to the WMI DNS provider on the target server
	set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
	set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
	objDNSServer.LogLevel = intLogLevel
	objDNSServer.LogIPFilterList = arrFilterList
	objDNSServer.LogFilePath = strFilePath
	objDNSServer.LogFileMaxSize = intFileSize
	' Commit the property changes to the server
	objDNSServer.Put_
	WScript.Echo "Enabled DNS Debug Logging on " & strServer

	' To disable debug logging, set the intLogLevel variable to 0


With the DNS Server debug log, you can record all DNS operations received and initiated by the server, including queries, updates, zone transfers, etc. If you need to troubleshoot a particular host, you can use the LogIPFilterList setting in dnscmd or the WMI DNS Provider to restrict the log to operations performed only for or by that host.

The most important debug log setting is the log level. With the DNS snap-in, you can select from a list of available options. With Windows Server 2003, the DNS snap-in provides an intuitive interface for selecting the required options. On Windows 2000, you are presented with a list of checkboxes and you have to figure out which ones need to be used in conjunction with one another. You have a similar issue with CLI and VBScript solutions, where you need to determine what log level you want to set.

Table 14-3 contains all of the event codes with their hexadecimal and decimal values.

Table 14-3. DNS debug logging event codes

| Hexadecimal value | Decimal value | Description |
|---|---|---|
| 0x0 | 0 | No logging. This is the default. |
| 0x1 | 1 | Query transactions. |
| 0x10 | 16 | Notification transactions. |
| 0x20 | 32 | Update transactions. |
| 0xFE | 254 | Nonquery transactions. |
| 0x100 | 256 | Question packets. |
| 0x200 | 512 | Answer packets. |
| 0x1000 | 4096 | Send packets. |
| 0x2000 | 8192 | Receive packets. |
| 0x4000 | 16384 | UDP packets. |
| 0x8000 | 32768 | TCP packets. |
| 0xFFFF | 65535 | All packets. |
| 0x10000 | 65536 | AD write transactions. |
| 0x20000 | 131072 | AD update transactions. |
| 0x1000000 | 16777216 | Full packets. |
| 0x80000000 | 2147483648 | Write-through transactions. |

DNS debug logging can come in handy if you want to look at the dynamic update requests a particular DNS Server is processing. For example, if a client or DHCP server is attempting to dynamically register records, you can enable the Update Transactions log category on the DNS Server you think should be processing the updates. If you don’t see any update transactions, this can indicate that another server is processing the dynamic update requests.
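The flag arithmetic described above, as an added PowerShell example that is not part of the original post: it sums event codes from the table into the hex value dnscmd expects and the decimal value the VBScript expects, and decodes an existing level back into names. The flag names, the function names, and the choice to pair Update with both directions and both transports are assumptions made for this example.

```powershell
# Single-bit event codes from the table on this page (decimal values).
# The composite masks 0xFE (nonquery) and 0xFFFF (all packets) are left out
# so that every entry maps to exactly one bit. Names are hypothetical labels.
$DnsLogFlags = [ordered]@{
    Query        = 1
    Notify       = 16
    Update       = 32
    Question     = 256
    Answer       = 512
    Send         = 4096
    Receive      = 8192
    UDP          = 16384
    TCP          = 32768
    ADWrite      = 65536
    ADUpdate     = 131072
    FullPackets  = 16777216
    WriteThrough = 2147483648   # decimal on purpose: the literal 0x80000000 parses as a negative Int32
}

function Get-DnsLogLevel {
    # Combine the named event codes and return both forms:
    # hex for dnscmd /LogLevel, decimal for the WMI LogLevel property.
    param([Parameter(Mandatory)][string[]]$Flag)
    [long]$sum = 0
    foreach ($name in $Flag) {
        if (-not $DnsLogFlags.Contains($name)) { throw "Unknown event code name: $name" }
        $sum = $sum -bor [long]$DnsLogFlags[$name]
    }
    [pscustomobject]@{ Hex = ('0x{0:X}' -f $sum); Decimal = $sum }
}

function ConvertFrom-DnsLogLevel {
    # Decode a configured log level back into the event codes it enables.
    param([Parameter(Mandatory)][long]$LogLevel)
    foreach ($name in $DnsLogFlags.Keys) {
        if ($LogLevel -band [long]$DnsLogFlags[$name]) { $name }
    }
}

# Update transactions in both directions over both transports
Get-DnsLogLevel -Flag Update, Send, Receive, UDP, TCP

# Audit what an existing setting actually logs
ConvertFrom-DnsLogLevel -LogLevel 0xFFFF
```

The update-troubleshooting combination comes to 0xF020 for dnscmd and 61472 for the VBScript's intLogLevel.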
