Enable DNS Request Logging for Windows Servers
I am in the process of decommissioning several DNS and Active Directory servers and wanted to make sure there were no undocumented devices on the LAN that were statically set to use one of the soon-to-be-decommissioned DNS servers. I figured the best way to do this would be to record all DNS requests received by those specific servers, and it is fairly straightforward to do.
1. Open the Domain Name System Microsoft Management Console (DNS MMC) snap-in by going to Start, Programs, Administrative Tools, and then DNS Manager
2. From the DNS Server, right-click the server and select Properties
3. The Properties pop-up window will appear on your screen.
4. Select the Debug Logging tab, then select the Log packets for debugging check box.
5. Ensure that the Incoming, UDP, Queries/Transfers, and Request check boxes are selected.
To ensure that the server’s drive does not exceed capacity, make sure you set an appropriate file size limit!
6. Click the OK button.
That is it! Your text file will start logging items for you. This will work on:
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
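
Once the log has been collecting for a while, the packet lines can be summarised by source address to list the clients still pointing at this server. The script below is an added example, not part of the original post; `$LogPath`, the sample lines and the regular expression are assumptions based on the usual debug-log packet layout, and the timestamp format varies with the server's locale.

```powershell
# Added example: list the clients that sent queries, from a DNS debug log.
# $LogPath is an assumption; pass the file path set on the Debug Logging tab.
param([string]$LogPath)

# Constructed sample lines in the debug-log packet layout, used when no path is given.
$sample = @'
6/5/2017 10:00:01 AM 0E7C PACKET  000000D5B2B5F3A0 UDP Rcv 192.168.1.50    8a3b   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2017 10:00:04 AM 0E7C PACKET  000000D5B2B60210 UDP Rcv 192.168.1.50    8a3c   Q [0001   D   NOERROR] AAAA   (3)www(7)example(3)com(0)
6/5/2017 10:00:09 AM 0E80 PACKET  000000D5B2B61AF0 UDP Rcv 192.168.1.77    03f1   Q [0001   D   NOERROR] A      (7)printer(4)corp(5)local(0)
6/5/2017 10:00:09 AM 0E80 PACKET  000000D5B2B62C40 UDP Rcv 10.0.0.53       51d2 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
'@ -split "`r?`n"

$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }

# PACKET <buffer> <UDP|TCP> Rcv <remote address> <xid> [R] Q [flags] <type> <name>
$pattern = 'PACKET\s+\S+\s+(?:UDP|TCP)\s+Rcv\s+(?<client>\S+)\s+[0-9A-Fa-f]{4}\s+' +
           '(?<resp>R)?\s*Q\s+\[[^\]]*\]\s+(?<type>\S+)\s+(?<name>\S+)'

$clients = @{}
foreach ($line in $lines) {
    if ($line -notmatch $pattern) { continue }   # file header, blank lines, other events
    if ($Matches['resp']) { continue }           # a response from another server, not a client query

    $ip = $Matches['client']
    if (-not $clients.ContainsKey($ip)) {
        $clients[$ip] = [pscustomobject]@{ Client = $ip; Queries = 0; LastType = $null; LastName = $null }
    }
    $entry = $clients[$ip]
    $entry.Queries++
    $entry.LastType = $Matches['type']
    # Turn the length-prefixed form (3)www(7)example(3)com(0) into www.example.com
    $entry.LastName = ($Matches['name'] -replace '\(\d+\)', '.').Trim('.')
}

# One row per client address, busiest first
$clients.Values | Sort-Object Queries -Descending | Format-Table -AutoSize
```

Any address in the output that is not a documented host or another DNS server is a device to reconfigure before the server is switched off.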