This post is somehow a sequel to the DNS on Windows for Unix (and other) guys.

Using the DNS Management Console, you already have a set of  useful tabs for troubleshooting purposes:

• Monitoring also you to perform simple test queries:

• Debug Logging is more interesting as it works as a dedicated network packet capture tool:
  • Please note that there’s no browse button to fill in the ‘File Path and name’ so you have to type the path (I choose to put that into C:\Windows\temp but you can put it elsewhere as long as the DNS Server service can write to that location)

  

  • You then obtain data like this excerp:
    
    DNS Log file on Windows

    DNS Server log file creation at 5/21/2015 1:51:18 PM Log file wrap at 5/21/2015 1:51:18 PM Message logging key (for packets - other items use a subset of these fields): Field # Information Values ------- ----------- ------ 1 Date 2 Time 3 Thread ID 4 Context 5 Internal packet identifier 6 UDP/TCP indicator 7 Send/Receive indicator 8 Remote IP 9 Xid (hex) 10 Query/Response R = Response blank = Query 11 Opcode Q = Standard Query N = Notify U = Update ? = Unknown 12 [ Flags (hex) 13 Flags (char codes) A = Authoritative Answer T = Truncated Response D = Recursion Desired R = Recursion Available 14 ResponseCode ] 15 Question Type 16 Question Name 5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Rcv 10.250.2.246 0c6b Q [0001 D NOERROR] A (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET 000000000509A200 UDP Snd 10.250.128.151 b94d Q [0001 D NOERROR] A (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET 00000000045FDBF0 UDP Rcv 10.250.128.151 b94d R Q [8081 DR NOERROR] A (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Snd 10.250.2.246 0c6b R Q [8081 DR NOERROR] A (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET 0000000003FBFAE0 UDP Rcv 10.250.2.246 1425 Q [0001 D NOERROR] A (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Snd 10.250.128.151 b866 Q [0001 D NOERROR] A (5)a1621(1)g(6)akamai(3)net(0) 5/21/2015 1:51:18 PM 0D44 PACKET 00000000045FDBF0 UDP Rcv 10.250.2.246 c556 Q [0001 D NOERROR] A (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET 000000000534C850 UDP Rcv 10.250.128.151 b866 R Q [8081 DR NOERROR] A (5)a1621(1)g(6)akamai(3)net(0) 5/21/2015 1:51:18 PM 0D44 PACKET 0000000003FBFAE0 UDP Snd 10.250.2.246 c556 R Q [8081 DR NOERROR] A (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET 0000000003FBFAE0 UDP Snd 10.250.2.246 1425 R Q [8081 DR NOERROR] A (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET 000000000534C850 UDP Rcv 10.250.2.246 10ab Q [0001 D NOERROR] A (10)duckduckgo(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET 0000000003FBFAE0 UDP Snd 10.250.128.151 a7cb Q [0001 D NOERROR] A (10)duckduckgo(3)com(0) ...

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

    DNS Server log file creation at 5/21/2015 1:51:18 PM Log file wrap at 5/21/2015 1:51:18 PM   Message logging key (for packets - other items use a subset of these fields): Field #  Information         Values -------  -----------         ------    1     Date    2     Time    3     Thread ID    4     Context    5     Internal packet identifier    6     UDP/TCP indicator    7     Send/Receive indicator    8     Remote IP    9     Xid (hex)   10     Query/Response      R = Response                              blank = Query   11     Opcode              Q = Standard Query                              N = Notify                              U = Update                              ? = Unknown   12     [ Flags (hex)   13     Flags (char codes)  A = Authoritative Answer                              T = Truncated Response                              D = Recursion Desired                              R = Recursion Available   14     ResponseCode ]   15     Question Type   16     Question Name   5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Rcv 10.250.2.246    0c6b   Q [0001   D   NOERROR] A      (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET  000000000509A200 UDP Snd 10.250.128.151  b94d   Q [0001   D   NOERROR] A      (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET  00000000045FDBF0 UDP Rcv 10.250.128.151  b94d R Q [8081   DR  NOERROR] A      (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Snd 10.250.2.246    0c6b R Q [8081   DR  NOERROR] A      (10)sitecheck2(5)opera(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET  0000000003FBFAE0 UDP Rcv 10.250.2.246    1425   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D48 PACKET  000000000181D1C0 UDP Snd 10.250.128.151  b866   Q [0001   D   NOERROR] A      (5)a1621(1)g(6)akamai(3)net(0) 5/21/2015 1:51:18 PM 0D44 PACKET  00000000045FDBF0 UDP Rcv 10.250.2.246    c556   Q [0001   D   NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET  000000000534C850 UDP Rcv 10.250.128.151  b866 R Q [8081   DR  NOERROR] A      (5)a1621(1)g(6)akamai(3)net(0) 5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.2.246    c556 R Q [8081   DR  NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.2.246    1425 R Q [8081   DR  NOERROR] A      (5)ctldl(13)windowsupdate(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET  000000000534C850 UDP Rcv 10.250.2.246    10ab   Q [0001   D   NOERROR] A      (10)duckduckgo(3)com(0) 5/21/2015 1:51:18 PM 0D44 PACKET  0000000003FBFAE0 UDP Snd 10.250.128.151  a7cb   Q [0001   D   NOERROR] A      (10)duckduckgo(3)com(0) ...

    
    As you can see the header is full of information, from the time the log was taken/wrapped (these are local times to the server) to a complete reminder of the various fields you may encounter.