The Fun in DNS Debug Logging - Read the DNS Debug Log

DNS Debug logging

Why would you use DNS debug logging? The answer is to track down problems with DNS queries, updates or notification errors. In my case we were in the process of transitioning Windows 2003 domain controllers to Windows 2008 R2 domain controllers.

So we decided to see which DNS clients (servers, clients, DHCP servers) were still pointing to the 2003 domain controllers that were about to be demoted, so that we could ask the respective teams to correct this and avoid any disruption in the environment.

I referred to the articles below to enable debug logging options on the DNS server:

Select and enable debug logging options on the DNS server

To view a DNS server debug log file

To Read the DNS Debug Logs

This is the most important section of the article. Please follow the steps given below blindly.

  • Edit the DNS log file using Notepad (I would recommend Notepad++ if you are not using it already).
  • Remove the first 30 lines or so (up to the first DNS query) and save the file.
  • Remove blank lines and then save. You can use Excel for this, but for really large logs you will need to remove blank lines from the txt file before taking it into Excel, as deleting the filtered rows may be too much for Excel (Notepad++ is good for this: replace \n\r with blank).

Now you have a txt file with just the queries in it.

  • Open Excel and then open the file with a space delimiter.
  • All of the incoming IP addresses will now be in one column (probably H). Delete all other columns and save to an Excel-format file.
  • Highlight the data, do an advanced filter and select `Unique records only`. Copy the data to a fresh worksheet or text file.

Now you have each incoming address listed once. From here it is easy to resolve the names, etc.
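
The same result (unique client addresses, here with a query count) can be produced in one pass over the log. This PowerShell is an added example, not part of the original article; it assumes the usual Windows DNS debug log packet line layout (`PACKET <address> UDP|TCP Rcv|Snd <remote IP> <Xid> [R] <opcode> [...`), and the function name `Get-DnsLogClient` and the sample lines are constructed for illustration.

```powershell
# Constructed sample lines in the Windows DNS debug log packet layout.
$sample = @'
3/20/2013 10:15:32 AM 0E5C PACKET  0000000002D5B0A0 UDP Rcv 10.0.0.25       3b1a   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
3/20/2013 10:15:32 AM 0E5C PACKET  0000000002D5B0A0 UDP Snd 10.0.0.25       3b1a R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)

3/20/2013 10:15:33 AM 0E5C PACKET  0000000002D5C1B0 UDP Rcv 10.0.0.31       91c4   Q [0001   D   NOERROR] A      (4)mail(7)example(3)com(0)
3/20/2013 10:15:34 AM 0E5C PACKET  0000000002D5D2C0 UDP Rcv 10.0.0.1        77aa R Q [8081   DR  NOERROR] A      (4)mail(7)example(3)com(0)
3/20/2013 10:15:35 AM 0E5C PACKET  0000000002D5E3D0 TCP Rcv 10.0.0.25       3b1b   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(7)example(3)com(0)
'@ -split "`r?`n"

function Get-DnsLogClient {
    # Counts received queries per remote IP. Header lines, blank lines, sent
    # packets and received responses (e.g. answers from a forwarder) are skipped.
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    begin {
        $counts = @{}
        $rx = [regex]'PACKET\s+\S+\s+(?:UDP|TCP)\s+Rcv\s+(?<ip>\S+)\s+[0-9a-fA-F]{4}\s+(?<resp>R\s+)?\S\s+\['
    }
    process {
        $m = $rx.Match($Line)
        # "R" between the Xid and the opcode marks a response, not a client query
        if ($m.Success -and -not $m.Groups['resp'].Success) {
            $ip = $m.Groups['ip'].Value
            $counts[$ip] = 1 + [int]$counts[$ip]
        }
    }
    end {
        $counts.GetEnumerator() |
            Sort-Object -Property Value -Descending |
            ForEach-Object { [pscustomobject]@{ Client = $_.Key; Queries = $_.Value } }
    }
}

# On the sample: 10.0.0.25 has 2 queries, 10.0.0.31 has 1; 10.0.0.1 is not listed.
$sample | Get-DnsLogClient

# For a real log (path is a placeholder):
#   Get-Content 'C:\path\to\dns.log' | Get-DnsLogClient | Export-Csv clients.csv -NoTypeInformation
```

Because the filter keys on `Rcv` without the response flag, forwarders and other servers that only send answers back to this DNS server do not show up as clients that need repointing.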


In one scenario I found 2500 host records in one log, so I used the script below to find the hostnames. I copied all the IP addresses to a text file (IPList.Txt) and ran the script. I found the parts of the script on Google and just joined them together; it works just fine.


Dim StrHost, strIP, strPingResult, intLatency

intRow = 2
Set objExcel = CreateObject("Excel.Application")

With objExcel
    .Visible = True
    .Workbooks.Add ' a workbook must exist before cells can be written
    ' Placeholder text sets the column widths; it is overwritten by the headers
    .Cells(1, 2).Value = "XXXXXXXXXXXXXX"
    .Cells(1, 3).Value = "XXXXXXX"
    .Cells(1, 4).Value = "XXXXXXX"
    .Cells.EntireColumn.AutoFit
    .Cells(1, 1).Value = "Hostname"
    .Cells(1, 2).Value = "IP"
    .Cells(1, 3).Value = "Result"
    .Cells(1, 4).Value = "Latency"
End With

'--- Input text file C:\Temp\IPList.Txt with one IP address per line
Set Fso = CreateObject("Scripting.FileSystemObject")
Set InputFile = Fso.OpenTextFile("c:\Temp\IPList.Txt")

Do While Not (InputFile.AtEndOfStream)
    StrHost = InputFile.ReadLine
    Set WshShell = WScript.CreateObject("WScript.Shell")
    Call PINGlookup( StrHost, strIP, strPingResult, intLatency )
    With objExcel
        .Cells(intRow, 1).Value = StrHost
        .Cells(intRow, 2).Value = strIP
        .Cells(intRow, 3).Value = strPingResult
        .Cells(intRow, 4).Value = intLatency
    End With
    intRow = intRow + 1
Loop
InputFile.Close

' Format the header row and fit the columns to the results
With objExcel
    .Range("A1:D1").Select
    .Selection.Interior.ColorIndex = 19
    .Selection.Font.ColorIndex = 11
    .Selection.Font.Bold = True
    .Cells.EntireColumn.AutoFit
End With

Sub PINGlookup(ByRef StrHost, ByRef strIP, ByRef strPingResult, ByRef intLatency)
    ' Both an IP address and a DNS name are allowed; the sub returns the opposite
    strPingResult = "-------" ' assume failed
    intLatency = 0
    strMachine = Trim(StrHost)
    ' The value is passed to cmd.exe below, so accept only characters that
    ' can appear in an IP address or host name
    Set oRE = New RegExp
    oRE.Pattern = "^[A-Za-z0-9][A-Za-z0-9.\-]*$"
    If Not oRE.Test(strMachine) Then
        strIP = "-------"
        Exit Sub
    End If
    ' Check if the Hostname is an IP address
    oRE.Pattern = "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$"
    bIsIP = oRE.Test(strMachine)
    If bIsIP Then
        strIP = strMachine
        StrHost = "-------"
    Else
        strIP = "-------"
        StrHost = strMachine
    End If
    ' To get a temp filename and open it
    Set osShell = CreateObject("Wscript.Shell")
    Set oFS = CreateObject("Scripting.FileSystemObject")
    sTemp = osShell.ExpandEnvironmentStrings("%TEMP%")
    sTempFile = sTemp & "\" & oFS.GetTempName
    ' PING and check if the IP address exists (temp path quoted in case it contains spaces)
    intT1 = Fix( Timer * 1000 )
    osShell.Run "%ComSpec% /c ping -a " & strMachine & " -n 1 > """ & sTempFile & """", 0, True
    intT2 = Fix( Timer * 1000 )
    intLatency = Fix( intT2 - intT1 ) / 1000
    ' Open the temp text file and read out the data line by line
    Set oTF = oFS.OpenTextFile(sTempFile)
    ' To parse the temp text file
    Do While Not oTF.AtEndOfStream
        strLine = Trim(oTF.ReadLine)
        If strLine = "" Then
            strFirstWord = ""
        Else
            arrStringLine = Split(strLine, " ", -1, 1)
            strFirstWord = arrStringLine(0)
        End If
        Select Case strFirstWord
            Case "Pinging" ' first line of ping output
                If arrStringLine(2) = "with" Then
                    ' "Pinging <ip> with ..." means no name was resolved
                    strPingResult = "-------"
                    StrHost = "-------"
                Else
                    ' "Pinging <name> [<ip>] with ..." means a name was resolved
                    StrHost = arrStringLine(1)
                    strIP = arrStringLine(2)
                    strLen = Len( strIP ) - 2
                    strIP = Mid( strIP, 2, strLen ) ' strip the [ ] around the IP
                    strPingResult = "Ok"
                End If
                Exit Do
            'End Case
            Case "Ping" ' pinging non existing hostname
                strPingResult = "------"
                Exit Do
            'End Case
        End Select
    Loop
    ' To close it
    oTF.Close
    ' To delete it
    oFS.DeleteFile sTempFile
End Sub


Disable Debug logging
