DNS logging question (Newbie)

[Lordosis]

Hi, I need help to set up logging on a DNS server. I've (truly) read the
help files and I still don't get it ;-)
What I want to do is to have the DNS server log all queries to a text file.
I want all queries from all (3) clients to be logged. I would also like to
have a way to "pipe" this to the screen, just like you can "tail" a logfile
if you use Linux. Is this possible to do? That is to redirect output to
screen (black little window is OK)?
Any help appreciated.
Pete

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi, I need help to set up logging on a DNS server. I've
(truly) read the help files and I still don't get it ;-)
What I want to do is to have the DNS server log all
queries to a text file. I want all queries from all (3)
clients to be logged. I would also like to have a way to
"pipe" this to the screen, just like you can "tail" a
logfile if you use Linux. Is this possible to do? That is
to redirect output to screen (black little window is OK)?
Any help appreciated.
Pete

DNS can log all queries using advanced logging, I'm sure you can
programatically pipe it to an application if you can program an app to do
it.
That said, DNS is normally a read only application and can handle hundreds
of queries per second, but if it has to write the queries to a log, it will
slow it considerably and make it too slow to keep up the pace.
Advanced logging is intended for short term diagnosing of DNS problems and
should never be used long term, just to see what queries DNS is getting.

 

[Lordosis]

In

DNS can log all queries using advanced logging, I'm sure you can
programatically pipe it to an application if you can program an app to do
it.
That said, DNS is normally a read only application and can handle hundreds
of queries per second, but if it has to write the queries to a log, it
will slow it considerably and make it too slow to keep up the pace.
Advanced logging is intended for short term diagnosing of DNS problems and
should never be used long term, just to see what queries DNS is getting.

Well, I understand that it should not run debugging over a long period of
time, but I want to do this for a while even if it slows down my DNS to a
crawl
How do I turn on this logging at all? I tried to check Queries, Questions,
Answers, TCP and UDP, but absolutely nothing shows up in the DNS log. I
tried to restart the service, nothing in the log. I tried to check all
possibilities, restarted DNS an still nothing in the log?! The "piping to
screen" can wait, but how do I get a log of which queries are sent and
resolved? The network is working, URLs are resolved and pages from the web
are loading so DNS must be working.
Pete (slightly confused)...

 

[Kevin D. Goodknecht Sr. [MVP]]

Well, I understand that it should not run debugging over a long
period of time, but I want to do this for a while even if it slows
down my DNS to a crawl
How do I turn on this logging at all? I tried to check Queries,
Questions, Answers, TCP and UDP, but absolutely nothing shows up in
the DNS log. I tried to restart the service, nothing in the log. I
tried to check all possibilities, restarted DNS an still nothing in
the log?! The "piping to screen" can wait, but how do I get a log of
which queries are sent and resolved? The network is working, URLs are
resolved and pages from the web are loading so DNS must be working.
Pete (slightly confused)...

In the DNS Management console, right click on the DNS server name, choose
properties, select the logging tab.
The log is in the %systemroot%\system32\dns directory

 

[Lordosis]

In the DNS Management console, right click on the DNS server name, choose
properties, select the logging tab.
The log is in the %systemroot%\system32\dns directory

Thanks for your advice, but this is still not working. I tried to
right-click the server name, went to logging, checked all possibilities and
restarted the DNS service. The network had a lot of traffic over several
hours, resolving hundreds of URLs. still the winnt/system32/dns/dns.log has
0 bytes. The two other files there (cache.dns & 1.1.10.in-addr.arpa) are
not 0 bytes, but there is no record of queries being solved. I then checked
that the clients do not have any other DNS servers showing up in
ipconfig /all, and they all point to 10.1.1.1, which is the fixed IP adress
of the DNS server.
I was thinking that maybe my DNS simply forwards everything to the ISPs DNS
server, and therefore all resolving is done there? How can I find out for
certain if this is the case?
Thanx!

 

[Ken B]

What happens if you try to ping something inside your network by fqdn?

 

[Lordosis]

What happens if you try to ping something inside your network by fqdn?

I get an answer if I ping by hostname and ig I ping by FQDN and if I ping by
IP adress. Name resolution seems to work...