Recipe 15.6 Enabling DNS Server Debug Logging

15.6.1 Problem

You want to enable DNS debug logging to troubleshoot issues related to DNS queries or updates.

15.6.2 Solution

15.6.2.1 Using a graphical user interface
  1. Open the DNS Management snap-in.

  2. Right-click on DNS in the left pane and select Connect to DNS Server.

  3. Enter the server you want to connect to and click Enter.

  4. Right-click on the server and select Properties.

  5. Click on the Debug Logging tab (or the Logging tab for Windows 2000).

  6. Select what you want to log and the location of the log file (the log file location is hardcoded to %systemroot%\system32\dns\dns.log on Windows 2000).

  7. Click OK.

15.6.2.2 Using a command-line interface

Use the following command to enable debug logging. You have to add together the event codes you want logged and specify the result in hex for the log level. The available event codes can be found in Table 15-3.

> dnscmd <DNSServerName> /Config /LogLevel <EventFlagSumInHex>

Use the following command to specify the location of the log file:

> dnscmd <DNSServerName> /Config /LogFilePath <DirectoryAndFilePath>

Use the following command to log only entries that pertain to certain IP addresses:

> dnscmd <DNSServerName> /Config /LogIPFilterList <IPAddress1>[,<IPAddress2> . . . ]

Use the following command to specify the maximum log file size:

> dnscmd <DNSServerName> /Config /LogFileMaxSize <NumberOfBytesInHex>
15.6.2.3 Using VBScript
' This code enables DNS debug logging.
' ------ SCRIPT CONFIGURATION ------
strServer     = "<DNSServerName>"           ' e.g. dc1
' The log level must be in decimal, not hex like dnscmd
intLogLevel   = <EventFlagSumInDecimal>     ' e.g. 65535
arrFilterList = Array("<IPAddress1>")       ' e.g. 192.168.1.12
strFilePath   = <DirectoryAndFilePath>      ' e.g. c:\dnslog.txt
intFileSize   = <NumberOfBytesInDecimal>    ' e.g. 50000000
' ------ END CONFIGURATION ---------

set objDNS = GetObject("winMgmts:\\" & strServer & "\root\MicrosoftDNS")
set objDNSServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
objDNSServer.LogLevel = intLogLevel
objDNSServer.LogIPFilterList = arrFilterList
objDNSServer.LogFilePath = strFilePath
objDNSServer.LogFileMaxSize = intFileSize
objDNSServer.Put_
WScript.Echo "Enabled DNS Debug Logging on " & strServer

15.6.3 Discussion

With the DNS Server debug log, you can record all DNS operations received and initiated by the server, including queries, updates, zone transfers, etc. If you need to troubleshoot a particular host, you can use the LogIPFilterList setting in dnscmd or the WMI DNS Provider to restrict the log to operations performed only for or by that host.

The most important debug log setting is the log level. With the DNS Console, you can select from a list of available options. With Windows Server 2003, the DNS Console provides an intuitive interface for selecting the required options. On Windows 2000, you are presented with a list of check boxes and you have to figure out which ones need to be used in conjunction with one another. You have a similar issue with CLI and VBScript solutions, where you need to determine what log level you want to set.

Table 15-3 contains all of the event codes with their hexadecimal and decimal values.

Table 15-3. DNS debug logging event codes

Hexadecimal value

Decimal value

Description

0x0

0

No logging. This is the default.

0x1

1

Queries transactions.

0x10

16

Notifications transactions.

0x20

32

Updates transactions.

0xFE

254

Non-queries transactions.

0x100

256

Question packets.

0x200

512

Answer packets.

0x1000

4096

Send packets.

0x2000

8192

Receive packets.

0x4000

16384

UDP packets.

0x8000

32768

TCP packets.

0xFFFF

65535

All packets.

0x10000

65536

AD write transactions.

0x20000

131072

AD update transactions.

0x1000000

16777216

Full packets.

0x80000000

2147483648

Write-through transactions.

DNS debug logging can come in handy if you want to look at the dynamic update requests a particular DNS server is processing. For example, if a client or DHCP server is attempting to dynamically register records, you can enable the Update Transactions log category on the DNS server you think should be processing the updates. If you don't see any update transactions, that can indicate another server is processing the dynamic update requests.

Transactions are not immediately written to the debug log file as they occur. They are buffered and written to the file after a certain number of requests are processed.

15.6.4 See Also

MSDN: MicrosoftDNS_Server



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List