DNS zone transfers not logging

2012-01-26

Question

_{Thursday, January 26, 2012 5:46 PM}

Hi Folks,

We have a standalone (non domain-joined) Win2K8 R2 SP1 machine running DNS. It is a primary for our domain's forward lookup zone. I am allowing zone transfers to our ISP's four DNS servers (only) and I have it configured to notify these servers as well.

If I edit the zone, by adding a host for example, the zone file version number is correctly incremented, and this is reflected in the event log with a 3150 from source DNS-Server-Service. However, I never see any 6001 events indicating a successful zone transfer thereafter. I know the zone has correctly transferred because running nslookup against my ISP's servers correctly resolves the added A record, but these events are not logged.

I do have Event Logging enabled for 'All Events', but I do not have debug logging enabled (the default). If it's necessary to enable debug logging for troubleshooting purposes, can someone offer some guidance as to what specifically I should be logging and what I should be looking for?

When this function was being handled previously by a Win2K3 server, it was logging all events reliably, so not sure why it's not now.

Any ideas? Thanks,

ianc

All replies (5)

_{Friday, January 27, 2012 4:11 AM ✅Answered}

Are both TCP and UDP open to your ISP's DNS? I believe the "DNS_EVENT_ZONEXFR_SUCCESSFUL," which triggers a 6001, is over UDP.

Ace

Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

_{Thursday, January 26, 2012 8:43 PM}

By default, DNS server logs all information, warnings and errors in the Event viewer to troubleshoot DNS server and to analyze performance in 2008. Enable 'All Events' in the Event Logging. ( to log informational actions, errors, and warnings)

you can find the DNS Server Zone Transfer Events info in the below link :

http://technet.microsoft.com/en-us/library/cc735850%28WS.10%29.aspx

Yes we have enable DNS debug logging to troubleshoot issues related to DNS queries or updates.

and Using server debug logging options :refer to the below link:

http://technet.microsoft.com/en-us/library/cc776361%28WS.10%29.aspx

hope this helps...

Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.

_{Thursday, January 26, 2012 10:06 PM}

Thanks for the post Gopi,

Unfortunately, I don't see immediately how it's helping. For the first link, I already know that 6001 is the missing event log id.

For the second link, enabling debug logging (it appears) will save copies of packets sent and received by the DNS server for analysis. However, I already know notification and zone transfer packets are being sent and received, since the DNS A records appear on the servers which are part of the notification list.

What is NOT happening is the event being recorded in the event log.

Any other ideas? Thanks,

ianc

_{Friday, January 27, 2012 5:33 PM}

<<Are both TCP and UDP open to your ISP's DNS? I believe the "DNS_EVENT_ZONEXFR_SUCCESSFUL," which triggers a 6001, is over UDP.>>

Ace, you are a genius!

I only had TCP open to my ISP's servers, so I opened UDP as well, created a test record, and very soon saw 6001 log entries indicating successful transfers to all remote servers.

Thanks again Ace, you rock!

ianc

_{Saturday, January 28, 2012 1:54 AM}

You're welcome! Glad to be of help! :-)

Ace

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Share via

DNS zone transfers not logging

Question

All replies (5)

Additional resources