DNS Logging Configuration on a Windows Server

Updated Jan 16, 2024

Configure DNS Logging on a Windows Server

You can use dnscmd.exe to configure the Windows DNS server component to use write-through transactions when logging.

Before you begin

Steps

  1. Configure DNS logging using a PowerShell command.
  2. Validate the DNS configuration using MMC.

Step 1: Configure DNS logging for a Windows Server

  1. Click Start, and then open PowerShell with administrative permissions.

  2. In PowerShell, run this command to enable DNS packet logging with write-through transactions:

    dnscmd /config /loglevel 0x8000F301

  3. Run this command to set the maximum size of the DNS log file to 200 megabytes (MB):

    dnscmd /config /logfilemaxsize 0xC800000

  4. Close the PowerShell window.

    DNS logs are now written to %SYSTEMROOT%\System32\dns\dns.log*, where the %SYSTEMROOT% variable is your Windows directory, such as C:\WINDOWS.

Step 2: Validate the configuration through the MMC

Note: Arctic Wolf does not recommend changing the log settings in MMC.

  1. Click Start > Administrative Tools > DNS to open the DNS management console.

    Tip: On previous Windows Server versions, click Start > All Programs > Administrative Tools > DNS.

  2. In the navigation menu, expand your DNS server, right-click the server, and then click Properties.

  3. Click the Debug Logging tab, and then confirm these options:

    • Log packets for debugging is selected.
    • Packet direction: Outgoing and Incoming are selected.
    • Transport protocol: UDP and TCP are selected.
    • Packet contents: Queries/Transfers is selected.
    • Packet type: Request and Response are selected.
    • Log file > File path and name is empty.

  4. Click Cancel to close the DNS Manager window.

    The Windows server is configured to log DNS packets.
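
The following is an added example, not part of the original Arctic Wolf page. It decodes a `/loglevel` value into the flag names from Microsoft's dnscmd documentation and reports any difference from the Step 1 value, which helps on servers where the MMC check is not available. The function name `Test-DnsLogLevel`, the flag labels, and the comments that map flags to Step 2 options are assumptions made for illustration.

```powershell
# Added example: decode a dnscmd /loglevel bitmask and compare it with the
# value set in Step 1. Bit values follow Microsoft's dnscmd documentation;
# the function name and the flag labels are illustrative.
$DnsLogFlags = [ordered]@{
    Query        = '0x00000001'   # Packet contents: Queries/Transfers
    Notify       = '0x00000010'
    Update       = '0x00000020'
    Questions    = '0x00000100'   # Packet type: Request
    Answers      = '0x00000200'   # Packet type: Response
    Send         = '0x00001000'   # Packet direction: Outgoing
    Receive      = '0x00002000'   # Packet direction: Incoming
    UDP          = '0x00004000'
    TCP          = '0x00008000'
    FullPackets  = '0x01000000'
    WriteThrough = '0x80000000'
}

function Test-DnsLogLevel {
    param(
        [Parameter(Mandatory)][string]$Actual,   # value reported by the server
        [string]$Expected = '0x8000F301'         # value from Step 1
    )
    # Parse as Int64: a bare 0x8000F301 literal would become a negative Int32.
    $a = [Convert]::ToInt64($Actual, 16)
    $e = [Convert]::ToInt64($Expected, 16)
    $known = 0L
    $rows = foreach ($name in $DnsLogFlags.Keys) {
        $bit = [Convert]::ToInt64($DnsLogFlags[$name], 16)
        $known = $known -bor $bit
        [pscustomobject]@{
            Flag     = $name
            Expected = [bool]($e -band $bit)
            Actual   = [bool]($a -band $bit)
        }
    }
    [pscustomobject]@{
        Match       = ($a -eq $e)
        Missing     = @($rows | Where-Object { $_.Expected -and -not $_.Actual } | ForEach-Object Flag)
        Unexpected  = @($rows | Where-Object { $_.Actual -and -not $_.Expected } | ForEach-Object Flag)
        UnknownBits = '0x{0:X}' -f ($a -band (-bnot $known))
    }
}

# Constructed inputs: the Step 1 value, then one with TCP and write-through cleared.
Test-DnsLogLevel -Actual '0x8000F301'
Test-DnsLogLevel -Actual '0x00007301'
```

The second call reports `TCP` and `WriteThrough` as missing, which is the kind of drift that leaves TCP queries out of the log or lets records sit in a buffer instead of reaching disk promptly.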

Next Steps