This post is something of a sequel to "DNS on Windows for Unix (and other) guys".
Using the DNS Management Console, you already have a set of useful tabs for troubleshooting purposes:
- Monitoring allows you to perform simple test queries:
- Debug Logging is more interesting as it works as a dedicated network packet capture tool:
- Please note that there's no browse button to fill in the 'File path and name' field, so you have to type the path (I chose to put the log in C:\Windows\temp, but you can put it elsewhere as long as the DNS Server service can write to that location).
- You then obtain data like this excerpt:
```
DNS Server log file creation at 5/21/2015 1:51:18 PM
Log file wrap at 5/21/2015 1:51:18 PM

Message logging key (for packets - other items use a subset of these fields):
    Field #  Information                 Values
    -------  -----------                 ------
       1     Date
       2     Time
       3     Thread ID
       4     Context
       5     Internal packet identifier
       6     UDP/TCP indicator
       7     Send/Receive indicator
       8     Remote IP
       9     Xid (hex)
      10     Query/Response              R = Response
                                         blank = Query
      11     Opcode                      Q = Standard Query
                                         N = Notify
                                         U = Update
                                         ? = Unknown
      12     [ Flags (hex)
      13     Flags (char codes)          A = Authoritative Answer
                                         T = Truncated Response
                                         D = Recursion Desired
                                         R = Recursion Available
      14     ResponseCode ]
      15     Question Type
      16     Question Name

5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Rcv 10.250.2.246 0c6b Q [0001 D NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 000000000509A200 UDP Snd 10.250.128.151 b94d Q [0001 D NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 00000000045FDBF0 UDP Rcv 10.250.128.151 b94d R Q [8081 DR NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Snd 10.250.2.246 0c6b R Q [8081 DR NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 0000000003FBFAE0 UDP Rcv 10.250.2.246 1425 Q [0001 D NOERROR] A (5)ctldl(13)windowsupdate(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Snd 10.250.128.151 b866 Q [0001 D NOERROR] A (5)a1621(1)g(6)akamai(3)net(0)
5/21/2015 1:51:18 PM 0D44 PACKET 00000000045FDBF0 UDP Rcv 10.250.2.246 c556 Q [0001 D NOERROR] A (5)ctldl(13)windowsupdate(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET 000000000534C850 UDP Rcv 10.250.128.151 b866 R Q [8081 DR NOERROR] A (5)a1621(1)g(6)akamai(3)net(0)
5/21/2015 1:51:18 PM 0D44 PACKET 0000000003FBFAE0 UDP Snd 10.250.2.246 c556 R Q [8081 DR NOERROR] A (5)ctldl(13)windowsupdate(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET 0000000003FBFAE0 UDP Snd 10.250.2.246 1425 R Q [8081 DR NOERROR] A (5)ctldl(13)windowsupdate(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET 000000000534C850 UDP Rcv 10.250.2.246 10ab Q [0001 D NOERROR] A (10)duckduckgo(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET 0000000003FBFAE0 UDP Snd 10.250.128.151 a7cb Q [0001 D NOERROR] A (10)duckduckgo(3)com(0)
...
```
As you can see, the header is full of information, from the time the log was created/wrapped (these times are local to the server) to a complete reminder of the various fields you may encounter.
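One way to put the field key to work, as an added example that is not part of the original post: a PowerShell parser that drops the header, turns each PACKET line into an object, and lists questions that have no matching response in the capture. The function name `ConvertFrom-DnsDebugLine` is hypothetical, and the regular expression assumes the US-style timestamps and field order shown in the excerpt.

```powershell
# Sample lines copied from the excerpt above (three header/key lines, five packet lines).
# On a real server, replace $sample with Get-Content on the path typed into Debug Logging.
$sample = @'
DNS Server log file creation at 5/21/2015 1:51:18 PM
Message logging key (for packets - other items use a subset of these fields):
      10     Query/Response              R = Response
5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Rcv 10.250.2.246 0c6b Q [0001 D NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 000000000509A200 UDP Snd 10.250.128.151 b94d Q [0001 D NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 00000000045FDBF0 UDP Rcv 10.250.128.151 b94d R Q [8081 DR NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D48 PACKET 000000000181D1C0 UDP Snd 10.250.2.246 0c6b R Q [8081 DR NOERROR] A (10)sitecheck2(5)opera(3)com(0)
5/21/2015 1:51:18 PM 0D44 PACKET 000000000534C850 UDP Rcv 10.250.2.246 10ab Q [0001 D NOERROR] A (10)duckduckgo(3)com(0)
'@ -split '\r?\n'

# Fields 1-16 of the logging key. Field 10 (R) and field 13 (flag letters) can be blank,
# which is why splitting on a delimiter misaligns columns; both are optional groups here.
$pattern = '^(?<Stamp>\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+(?<Thread>[0-9A-F]+)\s+PACKET\s+' +
           '(?<PacketId>[0-9A-F]+)\s+(?<Proto>UDP|TCP)\s+(?<Dir>Snd|Rcv)\s+(?<RemoteIP>\S+)\s+' +
           '(?<Xid>[0-9a-f]{4})\s+(?:(?<QR>R)\s+)?(?<Opcode>[QNU?])\s+' +
           '\[(?<FlagsHex>[0-9a-f]{4})\s+(?:(?<Flags>[ATDR]+)\s+)?(?<RCode>\w+)\]\s+(?<QType>\S+)\s+(?<QName>\S+)\s*$'

function ConvertFrom-DnsDebugLine {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        if ($Line -notmatch $pattern) { return }   # header, key table and blank lines fall out here
        $stamp = $Matches['Stamp'] -replace '\s+', ' '
        [pscustomobject]@{
            Time       = [datetime]::ParseExact($stamp, 'M/d/yyyy h:mm:ss tt', [cultureinfo]::InvariantCulture)
            Protocol   = $Matches['Proto']
            Direction  = $Matches['Dir']
            RemoteIP   = $Matches['RemoteIP']
            Xid        = $Matches['Xid']
            IsResponse = [bool]$Matches['QR']
            Flags      = $Matches['Flags']
            RCode      = $Matches['RCode']
            QType      = $Matches['QType']
            # (10)sitecheck2(5)opera(3)com(0) -> sitecheck2.opera.com
            Name       = ($Matches['QName'] -replace '\(\d+\)', '.').Trim('.')
        }
    }
}

$packets = $sample | ConvertFrom-DnsDebugLine
# Questions received by this server (client side of the conversation).
$packets | Where-Object { $_.Direction -eq 'Rcv' -and -not $_.IsResponse } |
    Select-Object Time, RemoteIP, Xid, QType, Name
# Peer + Xid pairs with no response logged. Xids are reused over time, so treat this as a
# troubleshooting hint within one capture window, not proof of packet loss.
$packets | Group-Object RemoteIP, Xid |
    Where-Object { $_.Group.IsResponse -notcontains $true } |
    ForEach-Object { $_.Group[0] } | Select-Object Time, Direction, RemoteIP, Xid, Name
```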
Is there any way to skip the file header information from getting generated in the file?
Not to my knowledge, but a PowerShell Import-Csv with the Header and Delimiter options, piped to Select-Object with Skip, may do the trick quickly.