Windows DNS is pretty straightforward to install and setup, but occasionally issues occur that require investigation. By enabling DNS debug logging, you can log all DNS related actions such as zone transfers, DNS queries and resource record updates.
Configuring DNS Debug logging can be done from the command line using DNSCmd.exe or from the GUI. Before this feature can be enabled via the command line, you first must calculate the log level. Simply select the log level options from the chart below and add up the hex values, the result is the log level value you need to use with DNSCmd.
In this example I will choose to log question (0x100) and answer (0x200) packets which adds up to 0x300.
DNSCmd [DNSServerName] /Config /LogLevel [LogLevel Hex Value] DNSCmd ns1.thelazyadmin.lab /config /LogLevel 0x300
You can also specify the location of the log file.....
DNSCmd [DNSServerName] /Config /LogFilePath [PathToLogFile]
....and the maximum log file size.
DNSmd [DNSServerName] /Config /LogFileMaxSize [MaxFileSizeInHex]
If the issue only seems to happen to certain computers, you can configure DNS debug logging to only log activity from specific IP address(es).
DNScmd [DNSServerName] /Config /LogIPFilterList [IPAddress1]
To specify more than one IP address, seperate them with a comma. If you prefer to use the GUI, open up the DNS MMC console and connect to your DNS server(s). Right-click on the server you wish to configure and select Properties, then choose the Debug Logging tab. Here you can choose to enable or disable DNS debug logging, select the actions you would like logged and specify where to write the log files too.
The default log file location is %systemroot%\system32\dns\dns.log. On Windows 2003 DNS servers this can be changed, however with Windows 2000 the log file location can not be edited (as seen above). It should also be noted that the log file is not written in real time, activities are stored in a buffer before being written to the log.