Windows Server DNS: Read the DNS Debug Log
DNS Debug logging
Why would you use DNS debug logging? The answer is to track down problems with DNS queries, updates or notification errors. In my case we were in the process of transitioning Windows 2003 domain controllers to Windows 2008 R2 domain controllers.
So we decided to see which DNS clients (servers, clients, DHCP servers) were still pointing at the 2003 domain controllers that were to be demoted, so that we could ask the respective teams to correct this and avoid any disruption in the environment.
I referred to the article below to enable debug logging options on the DNS server:
http://technet.microsoft.com/en-us/library/cc759581(v=ws.10).aspx
Select and enable debug logging options on the DNS server
To view a DNS server debug log file
http://technet.microsoft.com/en-us/library/cc776445(v=ws.10).aspx
To Read the DNS Debug Logs
This is the most important section of the article. Please follow the steps given below blindly.
- Edit the DNS log file using Notepad (I would recommend Notepad++ if you are not using it already: http://notepad-plus-plus.org/download/v6.1.6.html)
- Remove the first 30 lines or so (up to the first DNS query) & save the file.
- Remove blank lines and then save. You can use Excel for this, but for really large logs you will need to remove the blank lines from the text file before taking it into Excel, as deleting the rows from the filter may be too much for Excel (Notepad++ is good for this: replace \n\r with blank).
Now you have a text file containing only queries.
- Open Excel and then open the file using a space as the delimiter.
- All of the incoming IP addresses will now be in one column (probably H). Delete all other columns and save to an Excel-format file.
- Highlight the data, do an advanced filter and select `Unique records only`. Copy the data to a fresh worksheet or text file.
Now you have a de-duplicated list of all the incoming addresses. From here it is easy to resolve the names etc.
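The manual Notepad++ and Excel steps above can also be done in one pass over the log. The following Python sketch is an added example, not part of the original post; it assumes the packet-line layout described by the field key printed at the top of the debug log, and the function names and sample lines are constructed. It goes slightly beyond the manual steps by counting only received queries, so forwarders and other servers that the DNS server itself talks to do not show up as clients.

```python
import ipaddress
import re
from collections import Counter

# Fields 4-11 of a PACKET line, per the field key at the top of the debug log:
# context, packet id, UDP/TCP, Snd/Rcv, remote IP, Xid,
# "R" for a response (blank for a query), opcode.
PACKET_RE = re.compile(
    r"\bPACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"[0-9A-Fa-f]{4}\s+(?P<resp>R\s+)?(?P<opcode>[A-Z?])\s+\["
)

def client_query_counts(lines):
    """Count standard queries received from each remote IP."""
    counts = Counter()
    for line in lines:
        m = PACKET_RE.search(line)
        if m is None:
            continue  # header text, blank line or non-packet event
        if m["dir"] == "Rcv" and not m["resp"] and m["opcode"] == "Q":
            counts[m["ip"]] += 1
    return counts

def _sort_key(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.version, addr)  # keeps IPv4 and IPv6 comparable

def unique_clients(lines):
    """De-duplicated client list, sorted numerically rather than as text."""
    return sorted(client_query_counts(lines), key=_sort_key)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
DNS Server log file creation at 1/15/2013 2:00:00 PM

Message logging key (for packets - other items use a subset of these fields):

1/15/2013 2:02:11 PM 0E2C PACKET  0000000002B5D1F0 UDP Rcv 10.1.20.31      a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
1/15/2013 2:02:11 PM 0E2C PACKET  0000000002C61A40 UDP Snd 192.0.2.53      7f3c   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
1/15/2013 2:02:11 PM 0E2C PACKET  0000000002C61A40 UDP Rcv 192.0.2.53      7f3c R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
1/15/2013 2:02:11 PM 0E2C PACKET  0000000002B5D1F0 UDP Snd 10.1.20.31      a1b2 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)

1/15/2013 2:02:14 PM 0E30 PACKET  0000000002B5E2A0 UDP Rcv 10.1.20.5       0c11   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(7)example(3)com(0)
1/15/2013 2:02:15 PM 0E2C PACKET  0000000002B5F3B0 UDP Rcv 10.1.20.31      a1b3   Q [0001   D   NOERROR] A      (4)mail(7)example(3)com(0)
"""

if __name__ == "__main__":
    for ip, n in client_query_counts(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip}\t{n}")
```

The header and blank lines never match the pattern, so the log does not need to be trimmed by hand first.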
Script
In one scenario I found 2500 host records in one log, so I used the script below to find the hostnames. I copied all the IP addresses to a text file (IPList.Txt) and ran the script.
I found the parts of the script on Google and just joined them together; it works just fine.
```vbscript
'==================================================================================================
Dim StrHost, strIP, strPingResult, IntLatency
intRow = 2
Set objExcel = CreateObject("Excel.Application")
With objExcel
    .Visible = True
    .Workbooks.Add
    ' Placeholder text so that AutoFit sizes the columns before the real headers go in
    .Cells(1, 1).Value = "XXXXXXXXXXXXXXXXXXXXXXXXXXX"
    .Cells(1, 2).Value = "XXXXXXXXXXXXXX"
    .Cells(1, 3).Value = "XXXXXXX"
    .Cells(1, 4).Value = "XXXXXXX"
    .Range("A1:D1").Select
    .Cells.EntireColumn.AutoFit
    .Cells(1, 1).Value = "Hostname"
    .Cells(1, 2).Value = "IP"
    .Cells(1, 3).Value = "Result"
    .Cells(1, 4).Value = "Latency"
End With

'--- Input text file C:\Temp\IPList.Txt with one IP address per line
Set Fso = CreateObject("Scripting.FileSystemObject")
Set InputFile = Fso.OpenTextFile("c:\Temp\IPList.Txt")
Do While Not (InputFile.AtEndOfStream)
    StrHost = InputFile.ReadLine
    Set WshShell = WScript.CreateObject("WScript.Shell")
    Call PINGlookup( StrHost, strIP, strPingResult, intLatency )
    With objExcel
        .Cells(intRow, 1).Value = StrHost
        .Cells(intRow, 2).Value = strIP
        .Cells(intRow, 3).Value = strPingResult
        .Cells(intRow, 4).Value = intLatency
    End With
    intRow = intRow + 1
Loop
InputFile.Close

' Format the header row
With objExcel
    .Range("A1:D1").Select
    .Selection.Interior.ColorIndex = 19
    .Selection.Font.ColorIndex = 11
    .Selection.Font.Bold = True
    .Cells.EntireColumn.AutoFit
End With

Sub PINGlookup(ByRef StrHost, ByRef strIP, ByRef strPingResult, ByRef intLatency )
    ' In this subroutine both an IP address and a DNS name are allowed; the Sub returns the opposite
    ' Check if the hostname is an IP address
    Set oRE = New RegExp
    oRE.Pattern = "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$"
    strMachine = Trim(StrHost)
    bIsIP = oRE.Test(strMachine)
    If bIsIP Then
        strIP = strMachine
        StrHost = "-------"
    Else
        strIP = "-------"
        StrHost = strMachine
    End If

    ' Pass only IP addresses or plain host names to the command line below;
    ' any other line from the input file is reported as failed and never reaches the shell
    oRE.Pattern = "^[A-Za-z0-9._-]+$"
    If Not oRE.Test(strMachine) Then
        strPingResult = "-------"
        Exit Sub
    End If

    ' To get a temp filename and open it
    Set osShell = CreateObject("Wscript.Shell")
    Set oFS = CreateObject("Scripting.FileSystemObject")
    sTemp = osShell.ExpandEnvironmentStrings("%TEMP%")
    sTempFile = sTemp & "\" & oFS.GetTempName

    ' PING and check if the IP address exists (temp path quoted in case %TEMP% contains spaces)
    intT1 = Fix( Timer * 1000 )
    osShell.Run "%ComSpec% /c ping -a " & strMachine & " -n 1 > """ & sTempFile & """", 0, True
    intT2 = Fix( Timer * 1000 )
    intLatency = Fix( intT2 - intT1 ) / 1000

    ' Open the temp text file and read out the data line by line
    Set oTF = oFS.OpenTextFile(sTempFile)

    ' To parse the temp text file
    strPingResult = "-------" 'assume failed
    Do While Not oTF.AtEndOfStream
        strLine = Trim(oTF.ReadLine)
        If strLine = "" Then
            strFirstWord = ""
        Else
            arrStringLine = Split(strLine, " ", -1, 1)
            strFirstWord = arrStringLine(0)
        End If
        Select Case strFirstWord
            Case "Pinging"
                If arrStringLine(2) = "with" Then
                    ' "Pinging <ip> with 32 bytes": no name was returned for the address
                    strPingResult = "-------"
                    StrHost = "-------"
                Else
                    ' "Pinging <name> [<ip>] with 32 bytes": strip the brackets from the IP
                    StrHost = arrStringLine(1)
                    strIP = arrStringLine(2)
                    strLen = Len( strIP ) - 2
                    strIP = Mid( strIP, 2, strLen )
                    strPingResult = "Ok"
                End If
                Exit Do
            Case "Ping" ' pinging non existing hostname
                strPingResult = "------"
                Exit Do
        End Select
    Loop

    ' To close it
    oTF.Close
    ' To delete it
    oFS.DeleteFile sTempFile
End Sub
'===============================================================================
```
Disable Debug logging
http://technet.microsoft.com/en-us/library/cc783664(v=ws.10).aspx