Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, July 20, 2015 3:34 PM
Hello There,
When I verify my DNS server logs, I see that there are multiple requests sent out to external DNS server to resolve IP address of a site which is malicious.
Is there a way I can find out which client is triggering that DNS request? preferably without Wire shark.
Thanks in advance..
Mah
Mahi
All replies (1)
Tuesday, July 21, 2015 7:47 AM âś…Answered
Hi Mahi,
I suppose we could use Debug Logging. We could analyze the packets for detailed information.
Using server debug logging options:
https://technet.microsoft.com/en-us/library/cc776361%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Select and enable debug logging options on the DNS server:
https://technet.microsoft.com/en-us/library/cc759581(v=ws.10).aspx
View a DNS server debug log file:
https://technet.microsoft.com/en-us/library/cc776445(v=ws.10).aspx
Best Regards,
Leo
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].