Debug Logging for DNS in Windows Server 2003
Why would you use DNS debug logging? The answer is to track down problems with DNS queries, updates or notifications. Perhaps the most common question is why a DNS query results in an unknown server error when you know the domain name is valid.
Scenarios for creating a DNS Debug Log
- Web page not found – 404 error.
- Email delivery error.
- Cannot find a server by its UNC path.
- Secondary DNS servers do not receive notifications or updates.
Open the DNS snap-in, select the server icon itself and open its Properties. (There is no use looking under Forward Lookup Zones.)
Make sure that you enter a valid path and filename in the box at the bottom called: File path and name. See diagram.
Good news, the debug information gets appended to the log with the latest information at the bottom.
Interpreting the Debug log
The trick to deciphering the log is to parse or divide up the line. It helps to look for patterns, for example Rcv Q (Incoming Request Query) or Snd R Q (Outgoing Response to Query).
Watch out for the response codes: NXDOMAIN indicates a problem with the query, while NOERROR is good news. Here are two examples from my Windows Server 2003 Debug Log e:\log\wed.log:
Example 1 – Query failure
PACKET UDP Snd 10.1.0.1 R Q [8385 A DR NXDOMAIN] (7)EZINE(2)cp(3)com(0)
In this example the query returned NXDOMAIN, meaning the server has no record of a machine called EZINE.
Example 2 – Query success!
PACKET UDP Snd 10.1.0.1 R Q [8085 A DR NOERROR] (8)LLANELLI(2)cp(3)com(0)
Here the query sent to 10.1.0.1 successfully resolved a machine called LLANELLI at cp.com.
Note: Always turn off the log when you finish, otherwise the processor will be stressed unnecessarily.
Success. What you want! No problem
The query name does not exist. I have no record for this host.
This server is not authoritative for the domain in the query. Could be a secondary server trying to transfer a zone from the server. However that server is not SOA.
Most likely a temporary problem causing a timeout error. With luck the retry will work. Problem seen with email transfer.
Security problem. Check permissions.
Could be the result of an email check. We do not like your domain because we cannot reply to it. As a result we will not accept your incoming mail.
Could be a request for a zone transfer which is refused because the requestor does not have permission.
Filtering the log
Either you can filter the log so that it only captures particular data, or else you can use Find in the resultant log to track down the server name you are interested in.
Possible filters include the following pairs: UDP or TCP, Incoming or Outgoing, Request or Response.
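The parsing and filtering described above, as an added example that is not part of the original page: a short Python parser for PACKET lines of the shape shown in Examples 1 and 2, with a Find-style filter by host name or failure code. The function names and the third sample line are constructed for illustration, and the regular expression assumes the field order seen on this page.

```python
import re

# Shape of the PACKET lines quoted on this page (an assumption about the
# wider format); re.search lets any leading timestamp fields pass.
PACKET_RE = re.compile(
    r"PACKET\s+(?P<proto>UDP|TCP)\s+(?P<direction>Snd|Rcv)\s+(?P<peer>\S+)\s+"
    r"(?P<response>R\s+)?(?P<opcode>[A-Z])\s+"
    r"\[(?P<flags>[0-9A-Fa-f]{4})\s+(?P<bits>[A-Z ]*?)\s*(?P<rcode>[A-Z]+)\]\s+"
    r"(?P<name>(?:\(\d+\)[^()\s]*)+)"
)

def decode_name(raw):
    """Return (dotted name, lengths_ok) for e.g. (8)LLANELLI(2)cp(3)com(0)."""
    # lengths_ok is False when a declared length disagrees with its label, as
    # in the page's (7)EZINE: a hint the line was edited or truncated.
    pairs = re.findall(r"\((\d+)\)([^()]*)", raw)
    name = ".".join(label for _, label in pairs if label)
    return name, all(int(n) == len(label) for n, label in pairs)

def parse_packet(line):
    """Return a dict for one PACKET line, or None for any other log line."""
    m = PACKET_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["response"] = rec["response"] is not None   # "R" marks a response
    rec["bits"] = rec["bits"].replace(" ", "")      # flag letters, e.g. "ADR"
    rec["name"], rec["lengths_ok"] = decode_name(rec["name"])
    return rec

def find(lines, host=None, failures_only=False):
    """Keep records naming host (a label, case-insensitive) and/or failing."""
    recs = filter(None, map(parse_packet, lines))
    return [r for r in recs
            if (not host or host.lower() in r["name"].lower().split("."))
            and (not failures_only or r["rcode"] != "NOERROR")]

# The first two lines are the page's examples; the third is constructed.
SAMPLE = [
    "PACKET UDP Snd 10.1.0.1 R Q [8385 A DR NXDOMAIN] (7)EZINE(2)cp(3)com(0)",
    "PACKET UDP Snd 10.1.0.1 R Q [8085 A DR NOERROR] (8)LLANELLI(2)cp(3)com(0)",
    "PACKET UDP Rcv 10.1.0.1 Q [0001 D NOERROR] (8)LLANELLI(2)cp(3)com(0)",
]

if __name__ == "__main__":
    for rec in find(SAMPLE, failures_only=True):
        print(rec["direction"], rec["peer"], rec["rcode"], rec["name"])
```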
If you experience DNS connectivity problems, create a Debug log. Navigate to the DNS server icon, find the Debug Logging tab and set a path to the filename which stores the data.