How to Enable Event Logging in Windows DNS Server

By | August 5, 2019

Complete guide on How to Enable Event Logging in Windows DNS Server

There are times when an administrator wants to capture the trail of events happening on a DNS server, mainly for auditing or troubleshooting. Keep in mind that the DNS server must be capable of running the DNS event logging service; the Windows DNS server has this capability by default. This guide concentrates on the steps required to enable logging on a Windows DNS server.

Administrators today rely on tools that are better and smoother than the traditional ways of working. Enhanced DNS logging and diagnostics are supported in Windows Server only when the DNS Server role has been added. Filters play a crucial role here because they keep what is logged specific and to the point. A common requirement on a Microsoft Windows DNS server is auditing changes; without it, the setup is incomplete.

To turn on DNS logging for a Microsoft Windows server, follow these steps:

  • Press Ctrl+Esc.
  • Click Administrative Tools.
  • Select DNS.
  • Right-click the DNS server and select Properties.
  • Click the Debug Logging tab.

Check the box next to "Log packets for debugging". Make sure that at least the Incoming, UDP, and Queries/Transfers boxes are checked.

Now click OK.

If you do not want to see any events, click the Event Logging tab and set "Log the following events" to "No events". Then click OK.


Examination of the DNS Logs in Event Viewer:

Once event logging is configured, the logged events can be viewed in the Event Viewer snap-in. Go to Event Viewer > Applications and Services Logs > DNS Server.

Any DNS events are listed here, depending on how logging was configured. If the server is configured to log "All events", you will see every type of entry: warnings, informational messages and error messages. Click an event to view its details, such as the IP, the event description, the error code and other information that can help with troubleshooting.


A valuable free tool for examining Microsoft Windows DNS log files is Windows DNS Log Analyser. If the log file needs to be rotated daily, follow the instructions in "Rotate the DNS server log file on Windows server". A command similar to the following schedules the rotation to run just after midnight every night.

    C:\>schtasks /create /tn "Rotate DNS Log" /tr "C:\Program Files\Utilities\rotatednslog" /sc daily /st 00:01
    SUCCESS: The scheduled task "Rotate DNS Log" has successfully been created.


The status of the task can then be checked as follows.

    C:\>schtasks /query /tn "Rotate DNS Log"

    Folder: \
    TaskName                                 Next Run Time          Status
    ======================================== ====================== ===============
    Rotate DNS Log                           2/20/2015 12:01:00 AM  Ready


The output confirms that the task is scheduled and ready.

To view the event logging status, do the following.

First, open an elevated Windows PowerShell prompt on the DNS server.

Then run Get-DnsServerDiagnostics to view the status of the individual diagnostic events:

    PS C:\> Get-DnsServerDiagnostics

    SaveLogsToPersistentStorage          : False
    Queries                              : False
    Answers                              : False
    Notifications                        : False
    Update                               : False
    QuestionTransactions                 : False
    UnmatchedResponse                    : False
    SendPackets                          : False
    ReceivePackets                       : False
    TcpPackets                           : False
    UdpPackets                           : False
    FullPackets                          : False
    FilterIPAddressList                  :
    EventLogLevel                        : 4
    UseSystemEventLog                    : False
    EnableLoggingToFile                  : True
    EnableLogFileRollover                : False
    LogFilePath                          :
    MaxMBFileSize                        : 500000000
    WriteThrough                         : False
    EnableLoggingForLocalLookupEvent     : False
    EnableLoggingForPluginDllEvent       : False
    EnableLoggingForRecursiveLookupEvent : False
    EnableLoggingForRemoteServerEvent    : False
    EnableLoggingForServerStartStopEvent : False
    EnableLoggingForTombstoneEvent       : False
    EnableLoggingForZoneDataWriteEvent   : False
    EnableLoggingForZoneLoadingEvent     : False
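The Debug Logging and Event Logging steps and the status check can also be scripted. The following is an added example, not part of the original article; it assumes the DnsServer PowerShell module and an elevated prompt on the DNS server, and the log path is a placeholder.

```powershell
# Added example. Assumes the DnsServer module (installed with the DNS Server role)
# and an elevated prompt on the DNS server itself.
$logPath = 'C:\DNSLogs\dns-debug.log'   # placeholder path, not from the article

# Debug Logging tab equivalent: incoming UDP query requests, written to a file.
Set-DnsServerDiagnostics -ReceivePackets $true -UdpPackets $true `
    -Queries $true -QuestionTransactions $true `
    -EnableLoggingToFile $true -LogFilePath $logPath

# Event Logging tab equivalent; 4 is the level shown in the article's output.
Set-DnsServerDiagnostics -EventLogLevel 4

# Read the settings back. The Debug Logging tab groups its check boxes by
# direction, transport, contents and type; flag any group with nothing enabled.
$diag = Get-DnsServerDiagnostics
$groups = [ordered]@{
    direction = 'SendPackets', 'ReceivePackets'
    transport = 'UdpPackets', 'TcpPackets'
    contents  = 'Queries', 'Notifications', 'Update'
    type      = 'QuestionTransactions', 'Answers'
}
$findings = @(foreach ($g in $groups.GetEnumerator()) {
    $enabled = @($g.Value | Where-Object { $diag.$_ })
    if ($enabled.Count -eq 0) {
        "Packet $($g.Key): none of $($g.Value -join ', ') is enabled"
    }
})
if (-not $diag.EnableLoggingToFile) { $findings += 'EnableLoggingToFile is False' }
if ($diag.EventLogLevel -eq 0)      { $findings += 'EventLogLevel is 0' }

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "DNS logging is active; debug log: $($diag.LogFilePath)" }

# Most recent entries from the log that Event Viewer shows as "DNS Server".
Get-WinEvent -LogName 'DNS Server' -MaxEvents 10 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```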

With this, it should be clear how the whole process is carried out. Newer tools and systems have made the job simpler and faster, and basic knowledge of the subject is enough to do the work. Follow the steps and process described above as closely as possible.
