How to Enable DNS Logging and Diagnostics in Windows Server 2012 R2

DNS Logging and Diagnostics Setup and Configuration

Windows Server 2012 R2

The Enchanced DNS Logging and diagnostics tool is available in Windows Server 2016 Technical Preview by default. You can also download the hotfix containing the query logging and auditing features from Microsfot at http://support.microsoft.com/kb/2956577.

Performance considerations

Before doing any type of logging it is a good idea to consider and plan accordingly for any impact on performance. The enchanched DNS logging and diagnostics that can be found in Windows Server 2012 and Windows Server 2016 Technical Preview has been created to reduce the impact on performance. Please see below for DNS server performance considerations.

 

Debug logging

Before the introduction of analytic logging for DNS, the DNS debug logging was the available method that was used to monitor DNS transactions. The DNS debug log is not the same as enchaned DNS logging and diagnostics feature which we will discuss here. Debug logging is a tool that is avaialble for DNS logging and diagnostics. If you would like to learn more plese see debugging logging optios. This log presents very detailed information about all DNS information that is being sent or received by the DNS server, similar to the data that can be found when gathering packet capture tools. Debug logging can affect overall server performance and consumes disk space and therefore should be only enabled on a temporary basis when troubleshooting or when detailed data is needed.

Audit and analytic event logging

 When using Enhanced DNS logging and disgnostics included in Windows Server 2012 R2 and later, the DNS audit logs are going to be enabled by default and do not have any significant impact on server performance. DNS analytical logs on the other hand are not enabled by default and generally will only have an affect on DNS server performance when there are very high DNS query rates. As an example, if a DNS server is running on modern hardware and is receiving 100,000 queries a second they can expect roughly a 5% degredation of performance with analytic logs enabled. For servers experiencing 50,000 queries a second or less Microsoft reports no performance impact. That being said, we still recommend monitoring your specific instance for any decrease in performance when enabling logging.

Installing and enabling DNS diagnostic logging

First and possibly obvious thing todo when wanting to enable DNS diagnostic logging n Windows Server 2012 R2 is to ensure that the DNS server is running DNS and that the Windows Server 2016 Technical Preview or later is installed.
User should be an Administrator or be a member in the Administrators group as this is the minimum required escilation required to complete these procedures.

 

To install DNS diagnostic logging

  1. If the DNS server is running Windows Server 2012 R2, download the hotfix from http://support.microsoft.com/kb/2956577.

  2. Double-click the self-extracting file, for example 475151_intl_x64_zip.exe.

  3. In the Microsoft Self-Extractor dialog box, click Continue.

  4. Enter the location where you want to save the extracted files, for example C:\hotfix. If the directory does not yet exist, you will be asked if you wish to create it. Click Yes and confirm that All files were successfully unzipped is displayed, then click Ok.

  5. In the location where files were unzipped, double-click the Windows Update file, for example Windows8.1-KB2956577-v2-x64.msu.

  6. The Windows Update Standalone Installer will verify that the computer meets requirements to install the update. These requirements include some prerequisite updates. When verification is complete, click Yes when asked if you wish to install the Hotfix for Windows (KB2956577).

  7. If recently downloaded updates have not yet been installed, you might need to restart the computer before the current hotfix can be installed. If this is required, you must restart the computer first and then run the Windows8.1-KB2956577-v2-x64.msu a second time after the computer has completed installing necessary updates. The Windows Update Standalone Installer will notify you that installation of the hotfix is not yet complete. If this happens, and you are prompted to restart the computer, click Restart Now.

  8. If the computer is ready to install the update when you run the hotfix, installation will complete and you must restart the computer for the update to take effect. If Installation complete is displayed, click Restart Now for the update to take effect.

You can confirm that the hotfix was successfully installed by viewing installed updates in the Programs and Features control panel. If the update is successfully installed, Hotfix for Microsoft Windows (KB2956577) will be displayed. You can also verify installation of the hotfix by typing wmic qfe | find “KB2956577” at an elevated command prompt. The URL and date of installation for the hotfix will be displayed if it was successfully installed.

To enable DNS diagnostic logging

  1. Type eventvwr.msc at an elevated command prompt and press ENTER to open Event Viewer.

  2. In Event Viewer, navigate to Applications and Services Logs\Microsoft\Windows\DNS-Server.

  3. Right-click DNS-Server, point to View, and then click Show Analytic and Debug Logs. The Analytical log will be displayed.

  4. Right-click Analytical and then click Properties.

  5. Under When maximum event log size is reached, choose Do not overwrite events (Clear logs manually), select the Enable logging checkbox, and click OK when you are asked if you want to enable this log. See the following example.

    DNS Logging
  6. Click OK again to enable the DNS Server Analytic event log.

By default, analytic logs are written to the file: %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl.

See the following sections for details about events that are displayed in the DNS server audit and analytic event logs.

Please follow, like and share Your Digital Mind:

David

I have been in the Information Technology industry for a little over a decade gaining a Bachelors degree in Information System Security and securing employment with various industries including Government, Financial, Healthcare, Corporate and the End User sectors. I started Your Digital Mind in 2016 as a way to share my love for Education, Technology and Science in an entertaining yet rewarding format. I hope you are learning and enjoying!

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *