How to Enable DNS Query Logs in Windows DNS Server

✅ Enable DNS Analytical Logging in Event Viewer

  1. Press Win + R, type eventvwr, and press Enter.
  2. In Event Viewer, go to View > Show Analytic and Debug Logs (makes Analytical logs visible).
  3. Navigate to:
     Applications and Services Logs → Microsoft → Windows → DNS-Server → Analytical
  4. Right-click Analytical → Properties → Check Enable Logging → Click OK.

✅ Enable DNS Debug Logging via DNS Manager

  1. Press Win + R, type dnsmgmt.msc, and press Enter.
  2. Right-click your DNS server (e.g., SERVER-NAME) → Properties → Debug Logging tab.
  3. Enable Log packets for debugging and select:
     ✓ Queries
     ✓ Updates
     ✓ Notifications
     ✓ Other DNS messages
  4. Click Apply → OK.

πŸ“ Log File Location

  • Analytical logs (ETL format):
 C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNS-Server%4Analytical.etl

🔄 Convert .etl to .csv via PowerShell

  1. Navigate to the log directory in PowerShell.
  2. Run:
 tracerpt "Microsoft-Windows-DNS-Server%4Analytical.etl" -o DNS_Logs.csv -of CSV
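
A scripted counterpart to the Event Viewer steps and the .etl conversion above, added here as an example (not part of the original wiki page): it enables the analytic channel and summarizes which clients queried which names from an .etl file. The channel wildcard, event ID 256 and the Source/QNAME/QTYPE field names are assumptions to confirm on your server; the sample path is constructed.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
# Assumptions: the wildcard below matches this server's DNS analytic channel, and
# event ID 256 (query received) carries Source, QNAME and QTYPE fields.

function Enable-DnsAnalyticLog {
    # -Force is required to list analytic/debug channels when the name has wildcards.
    $log = Get-WinEvent -ListLog 'Microsoft-Windows-DNS*Server/Analytical' -Force -ErrorAction Stop |
        Select-Object -First 1
    if (-not $log.IsEnabled) {
        $log.IsEnabled = $true      # same switch as "Enable Logging" in Event Viewer
        $log.SaveChanges()
    }
    $log | Select-Object LogName, IsEnabled, LogFilePath, MaximumSizeInBytes
}

function Get-DnsQuerySummary {
    param(
        [Parameter(Mandatory)] [string] $Path,   # .etl file, ideally a copy of the live log
        [int] $QueryEventId = 256,               # assumed ID of the "query received" event
        [int] $Top = 20
    )
    # Trace (.etl) files can only be read oldest-first, hence -Oldest.
    Get-WinEvent -Path $Path -Oldest -ErrorAction Stop |
        Where-Object Id -eq $QueryEventId |
        ForEach-Object {
            # Flatten the named <Data> elements of the event into a hashtable.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Client = $fields['Source']
                Name   = $fields['QNAME']
                Type   = $fields['QTYPE']
            }
        } |
        Group-Object Client, Name |              # one row per (client, queried name) pair
        Sort-Object Count -Descending |
        Select-Object -Property Count, Name -First $Top
}

Enable-DnsAnalyticLog
# Constructed path: point this at a copy of the .etl taken from the log directory.
# Get-DnsQuerySummary -Path 'C:\Temp\dns-analytical-copy.etl'
```

If the summary comes back empty, list the distinct `Id` values in the file first to confirm which event ID your server uses for received queries.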

⚠️ Important Notes

  • Debug logs consume significant disk space; monitor regularly.
  • Analytical logs require no DNS zone configuration.
  • For long-term logging, schedule log rotation/archiving.
