Re: would like to know / track who is using my DNS...

From: Kevin D. Goodknecht Sr. [MVP] (admin_at_nospam.WFTX.US)
Date: 01/14/05


Date: Thu, 13 Jan 2005 18:04:43 -0600

In news:1105658372.189845.273640@z14g2000cwz.googlegroups.com,
Mike <mdunne@bcc.ctc.edu> commented
Then Kevin replied below:
> I am currently using Microsoft Active DNS and was
> wondering if there is a way to track -
> 1) Who is using my DNS (host name / IP Address of requestor)
> 2) What names are they looking up
> - at what time did the lookup occur
>
> Does such a log exist in/on MS DNS?
> Is there a third party product that will do this?
> Thanks so much.
>
> Mike

One particular tool? Not that I know of, at least one that logs all you
want. You can enable Advanced logging (Advanced tab) in combination with the
port reporter tool, which logs TCP and UDP connections.
That said, DNS is usually a read-only service sending out packets of less
than 512 bytes; some packets are larger, but that's another story. Anyway, the
point is that enabling Advanced logging is intended for short-term
diagnostics. Using advanced logging can cause the DNS service to log 7020
events and time out, because DNS can easily have hundreds if not thousands of
queries per minute and it takes considerable CPU resources to write a log.
This is in addition to the port reporter that logs UDP/TCP connections.
It could easily take a pretty mean machine just to write the logs you want
for this one service.

Availability and description of the Port Reporter tool
http://support.microsoft.com/default.aspx?scid=kb;en-us;837243

-- 
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
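An added example, not part of the original post: once such a log has been collected for a short window, a small parser can answer the three questions asked (which client, which name, at what time). The PACKET line layout described in the comment is an assumption about the log format, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter, defaultdict

# Assumed layout of a DNS log PACKET line (the post does not show one):
# date time thread PACKET [packet-id] UDP|TCP Rcv|Snd remote-ip xid [R] opcode [flags] qtype qname
PACKET_RE = re.compile(
    r"^(?P<when>.+?)\s+[0-9A-Fa-f]{3,4}\s+PACKET\s+(?:[0-9A-Fa-f]{8,16}\s+)?"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<client>\S+)\s+"
    r"[0-9A-Fa-f]{4}\s+(?P<resp>R)?\s*(?P<opcode>[A-Z?])\s+"
    r"\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)

def decode_name(raw):
    """Turn the length-prefixed form (3)www(7)example(3)com(0) into www.example.com."""
    labels = [part for part in re.findall(r"\(\d+\)([^()]*)", raw) if part]
    return ".".join(labels).lower() if labels else raw.lower()

def parse_queries(lines):
    """Yield (when, client, qtype, qname) for each query the server received."""
    for line in lines:
        m = PACKET_RE.match(line.strip())
        # Keep only inbound standard queries; skip responses and outbound packets.
        if m and m["dir"] == "Rcv" and m["resp"] is None and m["opcode"] == "Q":
            yield m["when"], m["client"], m["qtype"], decode_name(m["qname"])

def summarize(lines):
    """Map each client IP to a Counter of (qname, qtype) lookups."""
    per_client = defaultdict(Counter)
    for _when, client, qtype, qname in parse_queries(lines):
        per_client[client][(qname, qtype)] += 1
    return per_client

# Constructed sample lines (documentation addresses, example domains).
SAMPLE_LOG = """\
20050113 18:04:43 0A3C PACKET  UDP Rcv 192.0.2.10      0002   Q [0001   D   NOERROR] A     (3)www(7)example(3)com(0)
20050113 18:04:43 0A3C PACKET  UDP Snd 192.0.2.10      0002 R Q [8081   DR  NOERROR] A     (3)www(7)example(3)com(0)
20050113 18:04:51 0A40 PACKET  UDP Rcv 192.0.2.10      0003   Q [0001   D   NOERROR] A     (3)www(7)example(3)com(0)
20050113 18:05:02 0A3C PACKET  UDP Rcv 192.0.2.27      1f4e   Q [0001   D   NOERROR] MX    (7)example(3)org(0)
20050113 18:05:02 0A3C EVENT   The DNS server has started.
""".splitlines()

if __name__ == "__main__":
    for when, client, qtype, qname in parse_queries(SAMPLE_LOG):
        print(when, client, qtype, qname)
    for client, counts in summarize(SAMPLE_LOG).items():
        print(client, counts.most_common(3))
```

Processing the log on a separate machine keeps the parsing cost off the DNS server, which matters given the load concern raised in the reply.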

