

DNS log is empty

Question

Monday, March 3, 2014 10:20 PM

2k8r2

All of my DCs have their DNS configured with "Event Logging" = All events, but when looking at the DNS Server log in Event Viewer I have 0 log events.  The DNS service is running and listening on TCP/UDP 53.  Thoughts?

All replies (9)

Wednesday, March 19, 2014 4:54 AM ✅ Answered

The event log itself will provide DNS server service benign informational messages and critical errors. As I said earlier, I hardly see anything at all, and in some cases, lots of time in between messages, other than some super importance other than issues about the service itself that most of the time I ignore because it was a power outage or a DC was restarting.

Here is an example of what to find:

Check DNS Event Log
http://technet.microsoft.com/en-us/library/cc755402(v=WS.10).aspx

Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.


Tuesday, March 4, 2014 5:44 AM

Hi,

Run ipconfig /registerdns on one of your DNS clients, wait for a while and then check the result.

In my test, there is some time delay before the event generated.

If you want a detailed log, you can enable DNS debug logging.

Right click DNS server->Properties->Debug logging->Log packets for debugging

Hope this helps.


Tuesday, March 4, 2014 4:53 PM

Sadly no events logged on any DNS servers as viewed within event viewer, after ipconfig /registerdns.  DNS client is configured to point to all 3 DNS and WINS server IPs before registerdns command.

I was able to enable debug logging and read through DNS events as they accumulated within the log file generated.  This still doesn't explain why I have 0 events in my DNS log within event viewer.


Wednesday, March 5, 2014 5:53 AM

Were there any registry changes made to only generate error events in the event logs?

Here's an old post that I replied to 1000 years ago, ok, 10 years ago, (:-)) that referred to Windows 2000, but it applies to current operating systems.

DNS Server not Logging
http://www.tomshardware.com/forum/196185-46-server-logging

Ace Fekay


Wednesday, March 5, 2014 2:31 PM

EventLogLevel was absent at the following path; HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters

After I flipped the setting back and forth, the key showed back up.  Since no events are showing up yet, it makes sense that I should restart the service to see if it starts generating events.  I'll let you know what the results are.


Wednesday, March 5, 2014 11:44 PM

You might not see anything for weeks in the DNS event viewer log. I'm looking at a customer's logs at the moment, and there was an issue when there was a power outage on 2/15, then nothing after that. Prior to that was something minor at 2/3, then prior to that was a month before on 1/3, and before that was 11/28.

Is there anything specific you're looking for that you are having issues with and need troubleshooting that we can specifically help with?

Ace Fekay


Monday, March 17, 2014 9:17 PM

I had to wait until patch Tuesday's maintenance restart.  It looks like I still have 0 event log entries on all of my servers.

We have clients at our site that are provisioned dns services that are not our AD DNS.  The provided DNS service has a forward lookup for our domain.  I need to be able to verify when a client is querying our AD DNS.


Tuesday, March 18, 2014 2:52 AM | 1 vote

That log won't show you queries. You'll want to enable logging under the Debug Logging tab. You may also want to run a network packet capture for further data.

Here's more info from my notes. I hope you find them helpful.

==========
Who is using my DNS?

Enable DNS Request Logging for Windows 2003/2008
https://support.appriver.com/KB/a669/enable-dns-request-logging-for-windows-20032008.aspx

Nagios - DNS Monitoring
http://www.nagios.com/solutions/dns-monitoring

Using server debug logging options
http://technet.microsoft.com/en-us/library/cc776361.aspx

The fun in DNS debug logging - Read the DNS Debug log
http://social.technet.microsoft.com/wiki/contents/articles/13640.the-fun-in-dns-debug-logging-read-the-dns-debug-log.aspx

Filter DNS Debug Log
http://gallery.technet.microsoft.com/scriptcenter/Filter-DNS-Debug-Log-75ccc153

Technet: "How can I tell who is using my dns server?" 12/22/2012
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/fc4ce750-d5ac-4669-a22d-88b8c9f8fc11/

Technet: "Retiring DNS Server" 5/11/2009
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/d6b5ebca-e030-4d2c-ac08-ecfb4e7daaa1

Ace Fekay
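To answer "which clients are querying our AD DNS" from the debug log recommended in the reply above, the following is an added example (not code from this thread or from Microsoft) that tallies inbound queries for one zone by client IP. It assumes the default text layout of PACKET lines in the DNS debug log; the zone `corp.example`, the IP addresses and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout of a PACKET line in the Windows DNS debug log (dns.log).
# The date/time portion is locale dependent, so it is matched loosely.
PACKET_RE = re.compile(
    r"^(?P<ts>\S+ \S+(?: [AP]M)?)\s+[0-9A-Fa-f]+\s+PACKET\s+[0-9A-Fa-f]+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"[0-9A-Fa-f]{4}\s+(?P<resp>R)?\s*(?P<opcode>[QNU?])\s+"
    r"\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)\s*$"
)

def decode_name(raw):
    """Turn '(3)www(4)corp(7)example(0)' into 'www.corp.example'."""
    labels = re.findall(r"\(\d+\)([^()]*)", raw)
    return ".".join(label for label in labels if label).lower()

def in_zone(name, zone):
    """True for the zone apex or any name below it (label-boundary match)."""
    zone = zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def clients_querying(lines, zone):
    """Count inbound standard queries for `zone`, keyed by client IP."""
    hits = Counter()
    for line in lines:
        m = PACKET_RE.match(line.strip())
        if not m:
            continue  # log header text, blank lines, non-PACKET contexts
        if m["dir"] != "Rcv" or m["resp"] or m["opcode"] != "Q":
            continue  # keep only standard queries received by this server
        if in_zone(decode_name(m["qname"]), zone):
            hits[m["ip"]] += 1
    return hits

# Constructed sample lines (not taken from a real server).
SAMPLE = """\
DNS Server log file creation at 3/18/2014 9:14:58 AM
3/18/2014 9:15:02 AM 0E5C PACKET  000000000331E1A0 UDP Rcv 10.0.0.25       a1b2   Q [0001   D   NOERROR] A      (3)www(4)corp(7)example(0)
3/18/2014 9:15:02 AM 0E5C PACKET  000000000331E1A0 UDP Snd 10.0.0.25       a1b2 R Q [8085 A DR  NOERROR] A      (3)www(4)corp(7)example(0)
3/18/2014 9:15:07 AM 0E60 PACKET  00000000033A2B10 UDP Rcv 10.0.0.25       c3d4   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(2)dc(6)_msdcs(4)corp(7)example(0)
3/18/2014 9:15:09 AM 0E60 PACKET  00000000033A4C20 UDP Rcv 10.0.0.77       e5f6   Q [0001   D   NOERROR] A      (3)www(7)notcorp(7)example(0)
3/18/2014 9:15:11 AM 0E5C PACKET  00000000033A6D30 TCP Rcv 10.0.0.31       0a1b   Q [0001   D   NOERROR] SOA    (4)corp(7)example(0)
3/18/2014 9:15:14 AM 0E5C PACKET  00000000033A8E40 UDP Rcv 10.0.0.25       2c3d   U [0028       NOERROR] SOA    (4)corp(7)example(0)
""".splitlines()

if __name__ == "__main__":
    for ip, count in clients_querying(SAMPLE, "corp.example").most_common():
        print(ip, count)
```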


Tuesday, March 18, 2014 1:36 PM

Debugging makes sense for investigating issues.  What WILL get logged in event viewer under the DNS server, if ever?