Enable DNS Diagnostic Logging

Modified on Mon, 11 May at 1:38 PM


Overview

DNS Diagnostic Logging helps administrators capture and analyze detailed DNS server activity for troubleshooting, monitoring, and security investigations. By enabling debug logging, you can collect packet-level details, query/response activity, and other diagnostic information that can be forwarded to ADR or analyzed locally.

This article provides step-by-step instructions to enable and verify DNS diagnostic logging on a Windows DNS server.


Prerequisites

Before enabling DNS diagnostic logging, ensure the following:

  • Administrative access to the Windows DNS Server.

  • Sufficient disk space for storing DNS debug log files.

  • ADR CCE connectivity if logs are intended to be forwarded to ADR.


Procedure to Enable DNS Diagnostic Logging

  1. Open the DNS Manager:

    dnsmgmt.msc

  2. In the DNS Manager console:

    • Right-click the DNS server name and select Properties.

  3. Navigate to the Debug Logging tab.

  4. Configure debug logging:

    • ✅ Select Log packets for debugging.

    • File Path & Name: Enter the location where the log file should be saved (e.g., C:\Windows\System32\dns\dns.log).

    • Maximum Size: Set an appropriate file size limit (e.g., 5000000 bytes).

  5. (Optional) Filter specific packet types to reduce noise:

    • Incoming / outgoing packets

    • UDP / TCP queries

    • Non-recursive / recursive queries

    • WINS lookups

  6. Click Apply and then OK to save changes.


Verification (MSSP Only)

Local Verification on DNS Server

  1. Reopen the DNS server Properties window.

  2. Go to the Debug Logging tab.

  3. Confirm that the Log packets for debugging option is still checked.

  4. Verify that the configured log file is being generated and updated at the specified path.
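
The local checks above can also be scripted. The following PowerShell is an added example, not part of the original article or of any vendor tooling; it reads the settings with the DnsServer module's Get-DnsServerDiagnostics cmdlet. The function name Test-DnsDebugLog, the 30-second sampling window, and the fallback to the default log path when none is configured are assumptions of this example.

```powershell
#Requires -Modules DnsServer
# Added example (hypothetical names); run elevated on the DNS server itself.
function Test-DnsDebugLog {
    param([int]$WaitSeconds = 30)   # assumed sampling window
    $issues = [System.Collections.Generic.List[string]]::new()
    $diag   = Get-DnsServerDiagnostics

    # Steps 1-3: debug logging must still be enabled after the dialog is closed.
    if (-not $diag.EnableLoggingToFile) {
        $issues.Add('Debug logging to file is not enabled.')
    }
    # With no direction or no transport selected, nothing is written.
    if (-not ($diag.SendPackets -or $diag.ReceivePackets)) {
        $issues.Add('Neither incoming nor outgoing packets are selected.')
    }
    if (-not ($diag.UdpPackets -or $diag.TcpPackets)) {
        $issues.Add('Neither UDP nor TCP is selected.')
    }
    # Assumption: an empty path means the default location is in use.
    $path = $diag.LogFilePath
    if ([string]::IsNullOrWhiteSpace($path)) {
        $path = Join-Path $env:SystemRoot 'System32\dns\dns.log'
    }

    # Step 4: the file must exist and change while the server handles traffic.
    $growing = $false
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $before = Get-Item -LiteralPath $path
        Start-Sleep -Seconds $WaitSeconds
        $after  = Get-Item -LiteralPath $path
        $growing = ($after.Length -ne $before.Length) -or
                   ($after.LastWriteTime -gt $before.LastWriteTime)
        if (-not $growing) {
            # Writes may be buffered, so a quiet server can need a longer window.
            $issues.Add("No change in $path after $WaitSeconds seconds.")
        }
    } else {
        $issues.Add("Log file not found: $path")
    }

    [pscustomobject]@{
        LogFilePath = $path
        Growing     = $growing
        Healthy     = ($issues.Count -eq 0)
        Issues      = $issues
    }
}
Test-DnsDebugLog | Format-List
```

A result with Healthy set to False lists the failed checks in Issues; the script only reads settings and file metadata and changes nothing on the server.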

Verification from ADR (if forwarding logs)

  1. Log in to the ADR dashboard.

  2. Navigate to: System → Logs and Flows Collection Status.

  3. Confirm that the DNS server’s IP is listed as a log source.

  4. Check that DNS debug logs are being ingested and normalized.
