How to log Windows DNS server reply

Semen Anikin (Finstek) 47 Reputation points
2024-03-25T12:27:03.7433333+00:00

Hi there. I am trying to find a solution to log the Windows DNS server replies (what IP address is returned during resolution, or a timeout). In both logs I can only see what request came to the DNS server, but no information about what the DNS server returned. Please help me troubleshoot the DNS server.

My configuration:

I have 2 Azure VMs that hold Active Directory. The IP addresses of both VMs are listed in the custom DNS of the VNET. I deployed an Application Gateway within this VNET. The Application Gateway sometimes returns a DNS resolution error and it doesn't have any console for troubleshooting.


Accepted answer
  1. Jing Zhou 1,780 Reputation points Microsoft Vendor
    2024-03-28T04:44:16.2866667+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    As the DNS debug log provides limited parameters for logging this information, I suggest you run a network trace to capture the DNS resolution failure.

    1. If we can always reproduce the issue, please:

    Open a CMD window as admin on both the client and the server and run the following command to start the monitor:

    netsh trace start capture=yes tracefile=c:\nettrace.etl maxsize=1024 overwrite=yes report=disabled

    Once the DNS resolution failure shows up, stop the trace on both ends with:

    Netsh trace stop

    2. If the issue happens intermittently, please:

    Open a CMD window as admin on both the client and the server and run the following command to start the monitor:

    NMCap.exe /Network * /Capture /File C:\Netmon.chn:500MB

    Once the issue reproduces, press Ctrl + C to stop the trace on both ends. You would see all files in C:\.

    Note: As there is a high traffic flow on the DNS server, the capture will take a huge amount of space if the monitor is always running. Please clear unnecessary captured traffic in time to avoid wasting disk space.

    Hope this answer can help you well.

     

    Best regards,

    Jill Zhou


2 additional answers

  1. glebgreenspan 1,210 Reputation points
    2024-03-25T12:41:15.9633333+00:00

    Hello Semen

    To troubleshoot DNS resolution issues on your Windows DNS servers, you can enable DNS debug logging to capture more detailed information about the requests and responses. Here's how you can do it:

    1. Enable DNS debug logging on the Windows DNS server:

       - Open the DNS Manager on your Windows DNS server.
       - Right-click on the server name and select "Properties."
       - Go to the "Debug Logging" tab.
       - Check the "Log packets for debugging" box.
       - Select the "Event packets" option under "Debug packet type."
       - Set the log file path where you want to save the log files.
       - Click "Apply" and "OK" to save the settings.

    2. Monitor the DNS debug log files:

       - Look for log files in the path you specified earlier. These log files will contain detailed information about DNS queries and responses.
       - Analyze the log files to see the DNS queries and responses, including the IP addresses returned during resolution or timeouts.

    3. Troubleshoot DNS resolution errors:

       - Check the DNS debug log files for any errors or timeouts in DNS resolution.
       - Look for specific entries related to the DNS requests made by the Application Gateway and the responses received from the DNS servers.
       - Investigate any errors or timeouts to identify potential issues with DNS resolution.

    Additionally, you can also check the event logs on the Windows DNS servers for any DNS-related errors or warnings that may help troubleshoot the issue further.

    If you are still experiencing DNS resolution errors with the Application Gateway, it's recommended to test DNS resolution directly from the Azure VMs to verify if the DNS servers are returning the correct IP addresses. You can use tools like nslookup or dig for testing DNS resolution.

    By enabling DNS debug logging and analyzing the log files, you should be able to gather more information about the DNS replies and timeouts, which will help in troubleshooting the DNS resolution issues on your Windows DNS servers.
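Added example, not part of the original answer: a Python sketch of the log analysis in steps 2 and 3 above. It pairs each client query the server received (Rcv) with the reply it sent (Snd, R) by client IP and transaction ID, then reports replies carrying an error code and queries that never got a reply. The sample lines are constructed and follow the field key written at the top of the DNS debug log; the summary line carries the response code, while returned addresses appear only in the per-packet detail section when the "Details" option is enabled.

```python
import re

# Packet summary line, per the "Message logging key" header of the debug log:
# <date> <time> <thread> PACKET <id> UDP|TCP Snd|Rcv <remote IP> <xid> [R] <opcode>
#   [<flags hex> <flag chars> <RCODE>] <question type> <question name>
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<peer>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R)?\s*\S\s+"
    r"\[[0-9A-Fa-f]{4}\s+[ATDR ]*?\s*(?P<rcode>[A-Z]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)"
)

# Constructed sample lines (not taken from the page): one answered query,
# one SERVFAIL reply, and one query that never receives a reply.
SAMPLE_LOG = """\
3/25/2024 12:27:01 PM 0F3C PACKET  000001E4A1B2C3D0 UDP Rcv 10.0.1.4        1a2b   Q [0001   D   NOERROR] A      (3)app(7)contoso(5)local(0)
3/25/2024 12:27:01 PM 0F3C PACKET  000001E4A1B2C3D0 UDP Snd 10.0.1.4        1a2b R Q [8085 A DR  NOERROR] A      (3)app(7)contoso(5)local(0)
3/25/2024 12:27:02 PM 0F40 PACKET  000001E4A1B2D4E0 UDP Rcv 10.0.1.4        3c4d   Q [0001   D   NOERROR] A      (3)api(7)example(3)com(0)
3/25/2024 12:27:06 PM 0F40 PACKET  000001E4A1B2D4E0 UDP Snd 10.0.1.4        3c4d R Q [8281   DR SERVFAIL] A      (3)api(7)example(3)com(0)
3/25/2024 12:27:07 PM 0F44 PACKET  000001E4A1B2E5F0 UDP Rcv 10.0.1.5        5e6f   Q [0001   D   NOERROR] A      (5)login(7)example(3)net(0)
"""

def decode_name(raw):
    """Turn the log's length-prefixed form, (3)www(7)example(3)com(0), into www.example.com."""
    return ".".join(label for label in re.findall(r"\(\d+\)([^()]*)", raw) if label)

def audit(lines):
    """Return (client, name, qtype, status) for error replies and unanswered client queries."""
    pending = {}   # client queries seen but not yet answered, in arrival order
    findings = []
    for line in lines:
        m = PACKET_RE.search(line)
        if not m:
            continue  # header, detail section, or non-packet event
        name = decode_name(m["qname"])
        key = (m["peer"], m["xid"].lower(), name.lower(), m["qtype"])
        if m["dir"] == "Rcv" and not m["resp"]:      # query arriving from a client
            pending[key] = True
        elif m["dir"] == "Snd" and m["resp"]:        # reply sent back to that client
            pending.pop(key, None)
            if m["rcode"] != "NOERROR":
                findings.append((m["peer"], name, m["qtype"], m["rcode"]))
    # Anything still pending had no reply logged (a query at the very end of a
    # live log may simply not have been answered yet).
    findings += [(peer, name, qtype, "NO_REPLY") for peer, _, name, qtype in pending]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG.splitlines()):
        print(finding)
```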

     


  2. Semen Anikin (Finstek) 47 Reputation points
    2024-04-08T13:09:10.67+00:00

    Hello @jing zhou. Your answer meets my requirements but I found a better solution. The TSS script can do the same and gather additional logs into one place.

    1. Download TSS https://aka.ms/getTSS.
    2. Create a folder on the C drive named "TSS" as follows: C:\TSS

    Please start an elevated PowerShell CMD window on the problem machine on which the issue is reproduced and then copy and paste the below cmdlet into that window:

    Set-ExecutionPolicy -scope Process -ExecutionPolicy RemoteSigned -Force

    Run the following TSS command(s) on your system(s):

    1. PS C:\TSS> .\TSS.ps1 -Scenario NET_DNSsrv
    2. Open file <hostname>__<date>-<time>packetcapture-InternetServer.etl with Microsoft Network Monitor
    3. In Microsoft Network Monitor click on Tools -> Options. Right click on Windows -> Set As Default
    4. Search the IP address in the Display Filter.