DNS logging question (Newbie)

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi, I need help to set up logging on a DNS server. I've (truly) read the
help files and I still don't get it ;-)
What I want to do is to have the DNS server log all queries to a text file.
I want all queries from all (3) clients to be logged. I would also like to
have a way to "pipe" this to the screen, just like you can "tail" a logfile
if you use Linux. Is this possible to do? That is to redirect output to
screen (black little window is OK)?
Any help appreciated.
Pete
6 answers Last reply
More about logging question newbie
  1. Archived from groups: microsoft.public.win2000.dns (More info?)

    In news:ACQ4e.4689$4c.606952@juliett.dax.net,
    Lordosis <poppers2000@hotmail.com> commented
    Then Kevin replied below:
    > Hi, I need help to set up logging on a DNS server. I've
    > (truly) read the help files and I still don't get it ;-)
    > What I want to do is to have the DNS server log all
    > queries to a text file. I want all queries from all (3)
    > clients to be logged. I would also like to have a way to
    > "pipe" this to the screen, just like you can "tail" a
    > logfile if you use Linux. Is this possible to do? That is
    > to redirect output to screen (black little window is OK)?
    > Any help appreciated.
    > Pete

    DNS can log all queries using advanced logging, I'm sure you can
    programatically pipe it to an application if you can program an app to do
    it.
    That said, DNS is normally a read only application and can handle hundreds
    of queries per second, but if it has to write the queries to a log, it will
    slow it considerably and make it too slow to keep up the pace.
    Advanced logging is intended for short term diagnosing of DNS problems and
    should never be used long term, just to see what queries DNS is getting.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  2. Archived from groups: microsoft.public.win2000.dns (More info?)

    Kevin D. Goodknecht Sr. [MVP] wrote:

    > In news:ACQ4e.4689$4c.606952@juliett.dax.net,
    > Lordosis <poppers2000@hotmail.com> commented
    > Then Kevin replied below:
    >> Hi, I need help to set up logging on a DNS server. I've
    >> (truly) read the help files and I still don't get it ;-)
    >> What I want to do is to have the DNS server log all
    >> queries to a text file. I want all queries from all (3)
    >> clients to be logged. I would also like to have a way to
    >> "pipe" this to the screen, just like you can "tail" a
    >> logfile if you use Linux. Is this possible to do? That is
    >> to redirect output to screen (black little window is OK)?
    >> Any help appreciated.
    >> Pete
    >
    > DNS can log all queries using advanced logging, I'm sure you can
    > programatically pipe it to an application if you can program an app to do
    > it.
    > That said, DNS is normally a read only application and can handle hundreds
    > of queries per second, but if it has to write the queries to a log, it
    > will slow it considerably and make it too slow to keep up the pace.
    > Advanced logging is intended for short term diagnosing of DNS problems and
    > should never be used long term, just to see what queries DNS is getting.
    >
    Well, I understand that it should not run debugging over a long period of
    time, but I want to do this for a while even if it slows down my DNS to a
    crawl :-)
    How do I turn on this logging at all? I tried to check Queries, Questions,
    Answers, TCP and UDP, but absolutely nothing shows up in the DNS log. I
    tried to restart the service, nothing in the log. I tried to check all
    possibilities, restarted DNS an still nothing in the log?! The "piping to
    screen" can wait, but how do I get a log of which queries are sent and
    resolved? The network is working, URLs are resolved and pages from the web
    are loading so DNS must be working.
    Pete (slightly confused)...
  3. Archived from groups: microsoft.public.win2000.dns (More info?)

    Lordosis wrote:
    > Kevin D. Goodknecht Sr. [MVP] wrote:
    >
    >> In news:ACQ4e.4689$4c.606952@juliett.dax.net,
    >> Lordosis <poppers2000@hotmail.com> commented
    >> Then Kevin replied below:
    >>> Hi, I need help to set up logging on a DNS server. I've
    >>> (truly) read the help files and I still don't get it ;-)
    >>> What I want to do is to have the DNS server log all
    >>> queries to a text file. I want all queries from all (3)
    >>> clients to be logged. I would also like to have a way to
    >>> "pipe" this to the screen, just like you can "tail" a
    >>> logfile if you use Linux. Is this possible to do? That is
    >>> to redirect output to screen (black little window is OK)?
    >>> Any help appreciated.
    >>> Pete
    >>
    >> DNS can log all queries using advanced logging, I'm sure you can
    >> programatically pipe it to an application if you can program an app
    >> to do it.
    >> That said, DNS is normally a read only application and can handle
    >> hundreds of queries per second, but if it has to write the queries
    >> to a log, it will slow it considerably and make it too slow to keep
    >> up the pace. Advanced logging is intended for short term diagnosing
    >> of DNS problems and should never be used long term, just to see what
    >> queries DNS is getting.
    >>
    > Well, I understand that it should not run debugging over a long
    > period of time, but I want to do this for a while even if it slows
    > down my DNS to a crawl :-)
    > How do I turn on this logging at all? I tried to check Queries,
    > Questions, Answers, TCP and UDP, but absolutely nothing shows up in
    > the DNS log. I tried to restart the service, nothing in the log. I
    > tried to check all possibilities, restarted DNS an still nothing in
    > the log?! The "piping to screen" can wait, but how do I get a log of
    > which queries are sent and resolved? The network is working, URLs are
    > resolved and pages from the web are loading so DNS must be working.
    > Pete (slightly confused)...

    In the DNS Management console, right click on the DNS server name, choose
    properties, select the logging tab.
    The log is in the %systemroot%\system32\dns directory


    --?
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  4. Archived from groups: microsoft.public.win2000.dns (More info?)

    Kevin D. Goodknecht Sr. [MVP] wrote:

    > Lordosis wrote:
    >> Kevin D. Goodknecht Sr. [MVP] wrote:
    >>
    >>> In news:ACQ4e.4689$4c.606952@juliett.dax.net,
    >>> Lordosis <poppers2000@hotmail.com> commented
    >>> Then Kevin replied below:
    >>>> Hi, I need help to set up logging on a DNS server. I've
    >>>> (truly) read the help files and I still don't get it ;-)
    >>>> What I want to do is to have the DNS server log all
    >>>> queries to a text file. I want all queries from all (3)
    >>>> clients to be logged. I would also like to have a way to
    >>>> "pipe" this to the screen, just like you can "tail" a
    >>>> logfile if you use Linux. Is this possible to do? That is
    >>>> to redirect output to screen (black little window is OK)?
    >>>> Any help appreciated.
    >>>> Pete
    >>>
    >>> DNS can log all queries using advanced logging, I'm sure you can
    >>> programatically pipe it to an application if you can program an app
    >>> to do it.
    >>> That said, DNS is normally a read only application and can handle
    >>> hundreds of queries per second, but if it has to write the queries
    >>> to a log, it will slow it considerably and make it too slow to keep
    >>> up the pace. Advanced logging is intended for short term diagnosing
    >>> of DNS problems and should never be used long term, just to see what
    >>> queries DNS is getting.
    >>>
    >> Well, I understand that it should not run debugging over a long
    >> period of time, but I want to do this for a while even if it slows
    >> down my DNS to a crawl :-)
    >> How do I turn on this logging at all? I tried to check Queries,
    >> Questions, Answers, TCP and UDP, but absolutely nothing shows up in
    >> the DNS log. I tried to restart the service, nothing in the log. I
    >> tried to check all possibilities, restarted DNS an still nothing in
    >> the log?! The "piping to screen" can wait, but how do I get a log of
    >> which queries are sent and resolved? The network is working, URLs are
    >> resolved and pages from the web are loading so DNS must be working.
    >> Pete (slightly confused)...
    >
    > In the DNS Management console, right click on the DNS server name, choose
    > properties, select the logging tab.
    > The log is in the %systemroot%\system32\dns directory
    >
    >
    > --?
    > Best regards,
    > Kevin D4 Dad Goodknecht Sr. [MVP]
    > Hope This Helps
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    Thanks for your advice, but this is still not working. I tried to
    right-click the server name, went to logging, checked all possibilities and
    restarted the DNS service. The network had a lot of traffic over several
    hours, resolving hundreds of URLs. still the winnt/system32/dns/dns.log has
    0 bytes. The two other files there (cache.dns & 1.1.10.in-addr.arpa) are
    not 0 bytes, but there is no record of queries being solved. I then checked
    that the clients do not have any other DNS servers showing up in
    ipconfig /all, and they all point to 10.1.1.1, which is the fixed IP adress
    of the DNS server.
    I was thinking that maybe my DNS simply forwards everything to the ISPs DNS
    server, and therefore all resolving is done there? How can I find out for
    certain if this is the case?
    Thanx!
  5. Archived from groups: microsoft.public.win2000.dns (More info?)

    What happens if you try to ping something inside your network by fqdn?

    "Lordosis" <poppers2000@hotmail.com> wrote in message
    news:lnp5e.4807$4c.620000@juliett.dax.net...
    > Kevin D. Goodknecht Sr. [MVP] wrote:
    >
    >> Lordosis wrote:
    >>> Kevin D. Goodknecht Sr. [MVP] wrote:
    >>>
    >>>> In news:ACQ4e.4689$4c.606952@juliett.dax.net,
    >>>> Lordosis <poppers2000@hotmail.com> commented
    >>>> Then Kevin replied below:
    >>>>> Hi, I need help to set up logging on a DNS server. I've
    >>>>> (truly) read the help files and I still don't get it ;-)
    >>>>> What I want to do is to have the DNS server log all
    >>>>> queries to a text file. I want all queries from all (3)
    >>>>> clients to be logged. I would also like to have a way to
    >>>>> "pipe" this to the screen, just like you can "tail" a
    >>>>> logfile if you use Linux. Is this possible to do? That is
    >>>>> to redirect output to screen (black little window is OK)?
    >>>>> Any help appreciated.
    >>>>> Pete
    >>>>
    >>>> DNS can log all queries using advanced logging, I'm sure you can
    >>>> programatically pipe it to an application if you can program an app
    >>>> to do it.
    >>>> That said, DNS is normally a read only application and can handle
    >>>> hundreds of queries per second, but if it has to write the queries
    >>>> to a log, it will slow it considerably and make it too slow to keep
    >>>> up the pace. Advanced logging is intended for short term diagnosing
    >>>> of DNS problems and should never be used long term, just to see what
    >>>> queries DNS is getting.
    >>>>
    >>> Well, I understand that it should not run debugging over a long
    >>> period of time, but I want to do this for a while even if it slows
    >>> down my DNS to a crawl :-)
    >>> How do I turn on this logging at all? I tried to check Queries,
    >>> Questions, Answers, TCP and UDP, but absolutely nothing shows up in
    >>> the DNS log. I tried to restart the service, nothing in the log. I
    >>> tried to check all possibilities, restarted DNS an still nothing in
    >>> the log?! The "piping to screen" can wait, but how do I get a log of
    >>> which queries are sent and resolved? The network is working, URLs are
    >>> resolved and pages from the web are loading so DNS must be working.
    >>> Pete (slightly confused)...
    >>
    >> In the DNS Management console, right click on the DNS server name, choose
    >> properties, select the logging tab.
    >> The log is in the %systemroot%\system32\dns directory
    >>
    >>
    >> --?
    >> Best regards,
    >> Kevin D4 Dad Goodknecht Sr. [MVP]
    >> Hope This Helps
    >> ===================================
    >> When responding to posts, please "Reply to Group"
    >> via your newsreader so that others may learn and
    >> benefit from your issue, to respond directly to
    >> me remove the nospam. from my email address.
    >> ===================================
    >> http://www.lonestaramerica.com/
    >> ===================================
    >> Use Outlook Express?... Get OE_Quotefix:
    >> It will strip signature out and more
    >> http://home.in.tum.de/~jain/software/oe-quotefix/
    >> ===================================
    >> Keep a back up of your OE settings and folders
    >> with OEBackup:
    >> http://www.oehelp.com/OEBackup/Default.aspx
    >> ===================================
    > Thanks for your advice, but this is still not working. I tried to
    > right-click the server name, went to logging, checked all possibilities
    > and
    > restarted the DNS service. The network had a lot of traffic over several
    > hours, resolving hundreds of URLs. still the winnt/system32/dns/dns.log
    > has
    > 0 bytes. The two other files there (cache.dns & 1.1.10.in-addr.arpa) are
    > not 0 bytes, but there is no record of queries being solved. I then
    > checked
    > that the clients do not have any other DNS servers showing up in
    > ipconfig /all, and they all point to 10.1.1.1, which is the fixed IP
    > adress
    > of the DNS server.
    > I was thinking that maybe my DNS simply forwards everything to the ISPs
    > DNS
    > server, and therefore all resolving is done there? How can I find out for
    > certain if this is the case?
    > Thanx!
  6. Archived from groups: microsoft.public.win2000.dns (More info?)

    Ken B wrote:

    > What happens if you try to ping something inside your network by fqdn?
    >
    > "Lordosis" <poppers2000@hotmail.com> wrote in message
    > news:lnp5e.4807$4c.620000@juliett.dax.net...
    >> Kevin D. Goodknecht Sr. [MVP] wrote:
    >>
    >>> Lordosis wrote:
    >>>> Kevin D. Goodknecht Sr. [MVP] wrote:
    >>>>
    >>>>> In news:ACQ4e.4689$4c.606952@juliett.dax.net,
    >>>>> Lordosis <poppers2000@hotmail.com> commented
    >>>>> Then Kevin replied below:
    >>>>>> Hi, I need help to set up logging on a DNS server. I've
    >>>>>> (truly) read the help files and I still don't get it ;-)
    >>>>>> What I want to do is to have the DNS server log all
    >>>>>> queries to a text file. I want all queries from all (3)
    >>>>>> clients to be logged. I would also like to have a way to
    >>>>>> "pipe" this to the screen, just like you can "tail" a
    >>>>>> logfile if you use Linux. Is this possible to do? That is
    >>>>>> to redirect output to screen (black little window is OK)?
    >>>>>> Any help appreciated.
    >>>>>> Pete
    >>>>>
    >>>>> DNS can log all queries using advanced logging, I'm sure you can
    >>>>> programatically pipe it to an application if you can program an app
    >>>>> to do it.
    >>>>> That said, DNS is normally a read only application and can handle
    >>>>> hundreds of queries per second, but if it has to write the queries
    >>>>> to a log, it will slow it considerably and make it too slow to keep
    >>>>> up the pace. Advanced logging is intended for short term diagnosing
    >>>>> of DNS problems and should never be used long term, just to see what
    >>>>> queries DNS is getting.
    >>>>>
    >>>> Well, I understand that it should not run debugging over a long
    >>>> period of time, but I want to do this for a while even if it slows
    >>>> down my DNS to a crawl :-)
    >>>> How do I turn on this logging at all? I tried to check Queries,
    >>>> Questions, Answers, TCP and UDP, but absolutely nothing shows up in
    >>>> the DNS log. I tried to restart the service, nothing in the log. I
    >>>> tried to check all possibilities, restarted DNS an still nothing in
    >>>> the log?! The "piping to screen" can wait, but how do I get a log of
    >>>> which queries are sent and resolved? The network is working, URLs are
    >>>> resolved and pages from the web are loading so DNS must be working.
    >>>> Pete (slightly confused)...
    >>>
    >>> In the DNS Management console, right click on the DNS server name,
    >>> choose properties, select the logging tab.
    >>> The log is in the %systemroot%\system32\dns directory
    >>>
    >>>
    >>> --?
    >>> Best regards,
    >>> Kevin D4 Dad Goodknecht Sr. [MVP]
    >>> Hope This Helps
    >>> ===================================
    >>> When responding to posts, please "Reply to Group"
    >>> via your newsreader so that others may learn and
    >>> benefit from your issue, to respond directly to
    >>> me remove the nospam. from my email address.
    >>> ===================================
    >>> http://www.lonestaramerica.com/
    >>> ===================================
    >>> Use Outlook Express?... Get OE_Quotefix:
    >>> It will strip signature out and more
    >>> http://home.in.tum.de/~jain/software/oe-quotefix/
    >>> ===================================
    >>> Keep a back up of your OE settings and folders
    >>> with OEBackup:
    >>> http://www.oehelp.com/OEBackup/Default.aspx
    >>> ===================================
    >> Thanks for your advice, but this is still not working. I tried to
    >> right-click the server name, went to logging, checked all possibilities
    >> and
    >> restarted the DNS service. The network had a lot of traffic over several
    >> hours, resolving hundreds of URLs. still the winnt/system32/dns/dns.log
    >> has
    >> 0 bytes. The two other files there (cache.dns & 1.1.10.in-addr.arpa) are
    >> not 0 bytes, but there is no record of queries being solved. I then
    >> checked
    >> that the clients do not have any other DNS servers showing up in
    >> ipconfig /all, and they all point to 10.1.1.1, which is the fixed IP
    >> adress
    >> of the DNS server.
    >> I was thinking that maybe my DNS simply forwards everything to the ISPs
    >> DNS
    >> server, and therefore all resolving is done there? How can I find out for
    >> certain if this is the case?
    >> Thanx!
    I get an answer if I ping by hostname and ig I ping by FQDN and if I ping by
    IP adress. Name resolution seems to work...
Ask a new question

Read More

DNS Server Microsoft DNS Windows