Sometimes, Microsoft products have a way of their own. The Domain Name System (DNS) service, since Windows Server 2003, has a nice little quirk that I ran into the other day and that I'd like to share with you.
About DNS debug logging
When you suspect problems with the Domain Name System (DNS) service, with the records it keeps and scavenges, or with errors it encounters but does not report in the event logs, you can enable DNS debug logging.
The DNS debug log provides extremely detailed data about all DNS information sent and received by the DNS server, similar to what can be gathered with packet capture tools such as Network Monitor. Debug logging affects overall server performance and consumes disk space, so it is recommended to enable it only temporarily, while detailed DNS transaction information is needed.
How to enable DNS debug logging
You can enable DNS Debug logging in three separate ways:
Through the Graphical user interface
To enable DNS debug logging through the Graphical User Interface (GUI), follow these steps:
- Log on to the DNS server with an account that has local administrator privileges. When the DNS server is also a Domain Controller, log on with an account that is a member of the Domain Admins group.
- Open the Domain Name System Microsoft Management Console (dnsmgmt.msc).
- In the left pane, right-click the server name and select Properties from the context menu.
The Properties window appears.
- Navigate to the Debug Logging tab.
- Select the Log packets for debugging option at the top of the tab.
- Select the remaining options as needed.
- Specify a location to store the logged information.
- Click the OK button.
Windows Server 2003 introduced the ability to specify a location for storing the logged information. On Windows 2000 Server, by default, information from DNS debug logging was stored in C:\windows\system32\dns\dns.log.
When you’re done, disable DNS debug logging again by following the same steps, but unselecting the Log packets for debugging option.
When you’ve used removable media to store the logged information, you can safely remove it.
On the Command-line
To enable DNS debug logging from the command line, run the following command at an elevated command prompt while logged on with an account that has local administrator privileges:
dnscmd.exe localhost /Config /LogLevel 0x6101 /logfilepath E:\DNS.log
To disable DNS debug logging when you're done, use the /LogLevel switch with the 0x0 value.
After you've used DNS debug logging on removable media, removed the media, and then restarted the Windows Server installation acting as DNS server, the DNS service no longer starts.
This is indicated by Event ID 7031 with source Service Control Manager in the System log.
Remove the location for DNS debug logging in the registry.
The location used is stored in the LogFilePath value in the following path:
Simply remove it, and the DNS service starts again without problems.
Clearly, there is code that checks whether the previously configured debug logging location exists, and it prevents the DNS service from starting when that location cannot be found.
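As an added example (not from the original post), here is a PowerShell check to run before rebooting: it reads the configured debug log path and flags the missing-directory case that keeps the service from starting, as well as a location on removable media. It assumes an elevated session on a Windows Server with dnscmd.exe, uses Get-DnsServerDiagnostics from the DnsServer module (Windows Server 2012 and later) when it is available, and the function names are my own.

```powershell
# Added example, not from the original post. Checks whether the configured DNS
# debug log location still exists before a reboot, the condition that stops
# the DNS service from starting. Assumes an elevated session with dnscmd.exe;
# uses the DnsServer module (Server 2012+) when present.

function Test-DnsDebugLogLocation {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$LogFilePath)
    if ([string]::IsNullOrWhiteSpace($LogFilePath)) {
        return [pscustomobject]@{ Path = $LogFilePath; DriveType = $null; Status = 'NotConfigured' }
    }
    $root = [System.IO.Path]::GetPathRoot($LogFilePath)        # e.g. 'E:\'
    # DriveInfo only understands drive letters; UNC roots get no drive type.
    $drive = if ($root -match '^[A-Za-z]:\\') { New-Object System.IO.DriveInfo($root) } else { $null }
    $dir = Split-Path -Path $LogFilePath -Parent
    $status = if (-not (Test-Path -LiteralPath $dir -PathType Container)) { 'Missing' }
              elseif ($drive -and $drive.DriveType -eq 'Removable') { 'Removable' }
              else { 'OK' }
    [pscustomobject]@{
        Path      = $LogFilePath
        DriveType = if ($drive) { $drive.DriveType } else { 'Unknown' }
        Status    = $status
    }
}

function Get-DnsDebugLogPath {
    # Reads the live value that the GUI or 'dnscmd /Config /logfilepath' wrote.
    if (Get-Command Get-DnsServerDiagnostics -ErrorAction SilentlyContinue) {
        return (Get-DnsServerDiagnostics).LogFilePath
    }
    # Older hosts: pick the path-looking token out of dnscmd's /Info output.
    $out = dnscmd.exe localhost /Info LogFilePath 2>$null
    $m = [regex]::Match(($out -join "`n"), '[A-Za-z]:\\[^\r\n]*')
    if ($m.Success) { $m.Value.Trim() } else { '' }
}

$result = Test-DnsDebugLogLocation -LogFilePath (Get-DnsDebugLogPath)
$result | Format-List
switch ($result.Status) {
    'Missing'   { Write-Warning "Log directory is gone; the DNS service will not start after a reboot. Disable logging first: dnscmd.exe localhost /Config /LogLevel 0x0" }
    'Removable' { Write-Warning "Log location is on removable media; disable debug logging before removing it." }
}
```

Run it before restarting a DNS server on which debug logging has been used, and again after the media has been removed.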