Windows DNS Server graphical troubleshooting tools

 

This post is more or less a sequel to "DNS on Windows for Unix (and other) guys".

Using the DNS Management Console, you already have a set of useful tabs for troubleshooting purposes:

  • Monitoring allows you to perform simple test queries:

[Screenshot: DNS Server Properties, Monitoring tab]

  • Debug Logging is more interesting as it works as a dedicated network packet capture tool:
    • Please note that there's no browse button to fill in the 'File path and name' field, so you have to type the path (I chose to put the log in C:\Windows\temp, but you can put it elsewhere as long as the DNS Server service can write to that location).

    [Screenshot: DNS Server Properties, Debug Logging tab]

    • You then obtain data like this excerpt:
        ```
      DNS Server log file creation at 5/21/2015 1:51:18 PM
        Log file wrap at 5/21/2015 1:51:18 PM
              
        Message logging key (for packets - other items use a subset of these fields):
        	Field #  Information         Values
        	-------  -----------         ------
        	   1     Date
        	   2     Time
        	   3     Thread ID
        	   4     Context
        	   5     Internal packet identifier
        	   6     UDP/TCP indicator
        	   7     Send/Receive indicator
        	   8     Remote IP
        	   9     Xid (hex)
        	  10     Query/Response      R = Response
        	                             blank = Query
        	  11     Opcode              Q = Standard Query
        	                             N = Notify
        	                             U = Update
        	                             ? = Unknown
        	  12     [ Flags (hex)
        	  13     Flags (char codes)  A = Authoritative Answer
        	                             T = Truncated Response
        	                             D = Recursion Desired
        	                             R = Recursion Available
        	  14     ResponseCode ]
        	  15     Question Type
        	  16     Question Name
              
        5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Rcv 10.250.2.246    0c6b   Q [0001   D   NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
        5/21/2015 1:51:18 PM 0D48 PACKET  000000000509A200 UDP Snd 10.250.128.151  b94d   Q [0001   D   NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
        5/21/2015 1:51:18 PM 0D48 PACKET  00000000045FDBF0 UDP Rcv 10.250.128.151  b94d R Q [8081   DR  NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
        5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Snd 10.250.2.246    0c6b R Q [8081   DR  NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
        5/21/2015 1:51:18 PM 0D48 PACKET  0000000003FBFAE0 UDP Rcv 10.250.2.246    1425   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)
        5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Snd 10.250.128.151  b866   Q [0001   D   NOERROR] A      (5)a1621(1)g(6)akamai(3)net(0)
        5/21/2015 1:51:18 PM 0D44 PACKET  00000000045FDBF0 UDP Rcv 10.250.2.246    c556   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)
        5/21/2015 1:51:18 PM 0D44 PACKET  000000000534C850 UDP Rcv 10.250.128.151  b866 R Q [8081   DR  NOERROR] A      (5)a1621(1)g(6)akamai(3)net(0)
        5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.2.246    c556 R Q [8081   DR  NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)
        5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.2.246    1425 R Q [8081   DR  NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0)
        5/21/2015 1:51:18 PM 0D44 PACKET  000000000534C850 UDP Rcv 10.250.2.246    10ab   Q [0001   D   NOERROR] A      (10)duckduckgo(3)com(0)
        5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.128.151  a7cb   Q [0001   D   NOERROR] A      (10)duckduckgo(3)com(0)
        ...
        ```
              
        As you can see, the header is full of information, from the time the log was taken/wrapped (these times are local to the server) to a complete reminder of the various fields you may encounter.
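
The field layout in that header is regular enough to parse with a script. The following Python is an added example, not part of the original post: it reads PACKET lines according to the message logging key, decodes the length-prefixed question name, and lists queries for which no response was logged. The function names and the US-style date/time layout are assumptions; the sample lines are copied from the excerpt above.

```python
import re

# Constructed sample: one header line and six PACKET lines copied from the excerpt above.
SAMPLE = """\
Log file wrap at 5/21/2015 1:51:18 PM
5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Rcv 10.250.2.246    0c6b   Q [0001   D   NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET  000000000509A200 UDP Snd 10.250.128.151  b94d   Q [0001   D   NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET  00000000045FDBF0 UDP Rcv 10.250.128.151  b94d R Q [8081   DR  NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Snd 10.250.2.246    0c6b R Q [8081   DR  NOERROR] A      (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET  000000000534C850 UDP Rcv 10.250.2.246    10ab   Q [0001   D   NOERROR] A      (10)duckduckgo(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.128.151  a7cb   Q [0001   D   NOERROR] A      (10)duckduckgo(3)com(0)
"""

# Fields 1-16 of the message logging key; assumes the date/time layout shown in the excerpt.
PACKET_RE = re.compile(
    r"^\s*(?P<date>\d+/\d+/\d+)\s+(?P<time>\d+:\d+:\d+ [AP]M)\s+(?P<thread>[0-9A-F]+)\s+"
    r"(?P<context>PACKET)\s+(?P<packet_id>[0-9A-F]+)\s+(?P<proto>UDP|TCP)\s+"
    r"(?P<direction>Snd|Rcv)\s+(?P<remote_ip>\S+)\s+(?P<xid>[0-9a-fA-F]{4})\s+"
    r"(?P<qr>R?)\s*(?P<opcode>[QNU?])\s+\[(?P<flags_hex>[0-9a-fA-F]{4})\s+"
    r"(?P<flags>[ATDR ]*?)\s+(?P<rcode>[A-Z]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)"
)
LABEL_RE = re.compile(r"\((\d+)\)")

def decode_qname(raw):
    """'(10)duckduckgo(3)com(0)' -> 'duckduckgo.com', using the length prefixes."""
    labels, pos = [], 0
    while (m := LABEL_RE.match(raw, pos)) and int(m.group(1)) > 0:
        pos = m.end() + int(m.group(1))      # (0) is the root label and ends the name
        labels.append(raw[m.end():pos])
    return ".".join(labels)

def parse_log(text):
    """One dict per PACKET line; header and other lines are skipped."""
    records = []
    for m in filter(None, map(PACKET_RE.match, text.splitlines())):
        rec = m.groupdict()
        rec["is_response"] = rec.pop("qr") == "R"   # field 10: R = response, blank = query
        rec["flags"] = rec["flags"].strip()
        rec["qname"] = decode_qname(rec["qname"])
        records.append(rec)
    return records

def unanswered(records):
    """Queries with no response logged for the same (remote IP, Xid) pair."""
    answered = {(r["remote_ip"], r["xid"]) for r in records if r["is_response"]}
    return [(r["direction"], r["remote_ip"], r["xid"], r["qname"])
            for r in records
            if not r["is_response"] and (r["remote_ip"], r["xid"]) not in answered]
```

On the sample, `unanswered(parse_log(SAMPLE))` returns the two duckduckgo.com queries, because the excerpt ends before any response to them is shown.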