DNS Debug logging
Why would you use DNS' debug logging? The answer is to track down problems with DNS queries, updates or notification errors. In my case we were in a process of transitioning windows 2003 domain controllers to windows 2008 R2 domain controllers.
So we decided to see which DNS clients (Server/client/dhcp servers) are still pointing towards the to be demoted 2003 domain controllers, so that we can ask to respective teams to correct this to avoid any disruption in environment.
I refer to the below article to Enable debug logging options on the DNS server
http://technet.microsoft.com/en-us/library/cc759581(v=ws.10).aspx
Select and enable debug logging options on the DNS server
To view a DNS server debug log file http://technet.microsoft.com/en-us/library/cc776445(v=ws.10).aspx
To Read the DNS Debug Logs
This is the most important section of the article.Please follow the steps given below blindly
Now you have a txt file with just queries in.
Now you have all of the incoming addresses in their singular. From here it is easy to resolve the names etc.
In one scenario I found 2500 host records in one log so I used the below script to find the hostname. I copied all the ip address to a text file(IPList.Txt) and ran the script. . I found the parts of the script in google, just joined it together it works just fine
‘==================================================================================================
Dim StrHost, strIP, strPingResult, IntLatency intRow = 2 Set objExcel = CreateObject("Excel.Application") With objExcel .Visible = True .Workbooks.Add .Cells(1, 1).Value = "XXXXXXXXXXXXXXXXXXXXXXXXXXX" .Cells(1, 2).Value = "XXXXXXXXXXXXXX" .Cells(1, 3).Value = "XXXXXXX" .Cells(1, 4).Value = "XXXXXXX" .Range("A1:D1").Select .Cells.EntireColumn.AutoFit .Cells(1, 1).Value = "Hostname" .Cells(1, 2).Value = "IP" .Cells(1, 3).Value = "Result" .Cells(1, 4).Value = "Latency" End With '--- Input Text File in the path C:\temp\ IPList.Txt with IP Addresses Set Fso = CreateObject("Scripting.FileSystemObject") Set InputFile = fso.OpenTextFile("c:\Temp\IPList.Txt") Do While Not (InputFile.atEndOfStream) StrHost = InputFile.ReadLine Set WshShell = WScript.CreateObject("WScript.Shell") Call PINGlookup( StrHost, strIP, strPingResult, intLatency ) With objExcel .Cells(intRow, 1).Value = StrHost .Cells(intRow, 2).Value = strIP .Cells(intRow, 3).Value = strPingResult .Cells(intRow, 4).Value = intLatency End With intRow = intRow + 1 Loop With objExcel .Range("A1:D1").Select .Selection.Interior.ColorIndex = 19 .Selection.Font.ColorIndex = 11 .Selection.Font.Bold = True .Cells.EntireColumn.AutoFit End With Sub PINGlookup(ByRef StrHost, ByRef strIP, ByRef strPingResult, ByRef intLatency ) ' In this subroutine both IP address and DNS name is allowed & Function will return the opposite ' Check if the Hostname is an IP address Set oRE = New RegExp oRE.Pattern = "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" strMachine = StrHost bIsIP = oRE.Test(strMachine) If bIsIP Then strIP = strMachine StrHost = "-------" Else strIP = "-------" StrHost = strMachine End If 'To get a temp filename and open it Set osShell = CreateObject("Wscript.Shell") Set oFS = CreateObject("Scripting.FileSystemObject") sTemp = osShell.ExpandEnvironmentStrings("%TEMP%") sTempFile = sTemp & "\" & oFS.GetTempName ' PING and check if the IP adrress exists intT1 = Fix( Timer * 1000 ) osShell.Run "%ComSpec% /c ping -a " & strMachine & " -n 1 > " & sTempFile, 0, True intT2 = Fix( Timer * 1000 ) intLatency = Fix( intT2 - intT1 ) / 1000 �� ' Open the temp Text File and Read out the Data line by line Set oTF = oFS.OpenTextFile(sTempFile) ' To parse the temp text file strPingResult = "-------" 'assume failed Do While Not oTF.AtEndoFStream strLine = Trim(oTF.Readline) If strLine = "" Then strFirstWord = "" Else arrStringLine = Split(strLine, " ", -1, 1) strFirstWord = arrStringLine(0) End If Select Case strFirstWord Case "Pinging" If arrStringLine(2) = "with" Then strPingResult = "-------" StrHost = "-------" Else StrHost = arrStringLine(1) strIP = arrStringLine(2) strLen = Len( strIP ) - 2 strIP = Mid( strIP, 2, strLen ) strPingResult = "Ok" End If Exit Do 'End Case Case "Ping" ' pinging non existing hostname strPingResult = "------" Exit Do 'End Case End Select Loop 'to Close it oTF.Close 'To delete It oFS.DeleteFile sTempFile End Sub
‘===============================================================================
Disable Debug logging http://technet.microsoft.com/en-us/library/cc783664(v=ws.10).aspx
Ed Price - MSFT edited Revision 6. Comment: Title casing
Fernando Lugão Veltem edited Revision 2. Comment: added toc
Good one Tanmoy
Thanks Biswajith...Thanks Ed
NIce wiki/blog on the subject.
Thanks Ace