
Thu, Feb 26, 2015 10:04 pm

Adding a new DNS zone to a Windows Server 2012 DNS server

A Windows Server 2012 Essentials system can function as a Domain Name System (DNS) server. If the system is functioning as a DNS server you can add additional zones that are integrated with Active Directory (AD) or you can add them as file-based zones as you would on a Unix/Linux DNS server. The Windows DNS server can be configured to support forward or reverse lookup zones. A primary, secondary, or stub zone can be added.

[ More Info ]

[/network/dns/windows] permanent link

Thu, Feb 19, 2015 11:01 pm

Enabling DNS Logging for Windows Server 2012

I wanted to log DNS queries and responses from all systems using a Windows Server 2012 DNS server, so that I would have DNS logs available for reference in the event of issues related to malware, etc. I also wanted to rotate the log files every night, so that the file size wouldn't grow continually until it reached the maximum 500 MB size I specified for the log file. Instructions for doing so for a Windows Server 2012 system are here. Instructions for doing so on a Microsoft Windows Small Business Server (SBS) are at Enabling DNS Logging on a Windows SBS 2003 Server.

[/network/dns/windows/logging] permanent link

Sun, Dec 07, 2014 7:30 pm

Rotate the DNS server log file on a Windows server

For a site where a Windows Small Business Server (SBS) 2003 system serves as a DNS server, I wanted to rotate the DNS log file every night at midnight. The log file is named DNS.log and I'd like to close the current log at midnight renaming it to DNS_YYYYMMDD.log where YYYY is the 4-digit year, MM, the month (1-12) and DD the day (1-31). The system date can be put in the format YYYYMMDD using substring extraction as explained at Appending a date to a filename in batch files.

Renaming the log file requires stopping the DNS server service, which can be done with the command net stop "DNS Server". If you try to move the file without stopping the service, you will receive the message below:

D:\Logs\DNS>move dns.log dns_old.log
The process cannot access the file because it is being used by another process.
        0 file(s) moved.

After the file is moved/renamed, the DNS server service can be restarted with net start "DNS Server".

The location of the DNS log file is stored in the Windows Registry. A REG QUERY command can be used to obtain the current location of the file, as explained at Determining the location of a Microsoft Windows DNS log file from a command prompt. Once the location and name of the file are known, the DNS server service can be stopped, the current log file renamed, and the DNS server service restarted, which creates a new log file with the name and at the location indicated by the registry entry.

The batch file is shown below and is available here.

@echo off

REM Name: rotatednslog.bat
REM Version: 1.0
REM Created: December 6, 2014
REM Last Modified: December 6, 2014
REM
REM Location of latest version: 
REM http://support.moonpoint.com/downloads/computer_languages/mswin_batch/rotatednslog.bat
REM
REM Description: When scheduled to run at the end of each day, this batch
REM file will rotate the DNS server log. The DNS server service will be
REM stopped temporarily, so the current DNS log can be renamed to a log file
REM with the name DNS_YYYYMMDD.log, where YYYY is the year, MM the month, and
REM DD the day. The DNS server service will then be restarted creating a
REM new DNS log file. The current location of the DNS log file is obtained
REM from the Windows Registry.

REM Required for substituting the contents of a variable in the string substitution
REM employed to insert the contents of the date variable YYYYMMDD in the log
REM file name.

SETLOCAL ENABLEDELAYEDEXPANSION

REM Windows Registry key holding the location of the DNS log file

SET regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

REM Registry value needed from the above key

SET regvalue="LogFilePath"

REM Extract only the file location from the output of the reg query command.
REM The pipe symbol must be escaped with a caret inside the FOR /F command.

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO set logfile=%%G

REM Set the variable YYYYMMDD to today's date in YYYYMMDD format where
REM YYYY = 4-digit year, MM is month (1-12), and DD is day (1-31).
REM The substring offsets assume the "Ddd MM/DD/YYYY" format of %DATE%.

SET YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

REM Set the name for the rotated log file to have "_YYYYMMDD.log" at the
REM end of the file name.  Need to use delayed expansion.

SET renamedlog=!logfile:.log=_%YYYYMMDD%.log!

REM Stop the DNS server service

NET STOP "DNS Server"

REM Move the log file to its new location with its new name.
REM Since you cannot specify a new drive or path for your destination file with
REM the RENAME command, I'm using the MOVE command, instead, in case I may
REM wish to update this batch script to move the file to another drive and/or
REM directory. The paths are quoted so that a path containing spaces still works.

MOVE "%logfile%" "%renamedlog%"

REM Restart the DNS server service

NET START "DNS Server"

If it is run from a command prompt, you will see the following output:

C:\Program Files\Utility\Scripts>rotatednslog
The DNS Server service is stopping.
The DNS Server service was stopped successfully.

        1 file(s) moved.
The DNS Server service is starting.
The DNS Server service was started successfully.

Since I would like the batch file to execute at the end of each day, I scheduled it to run at 23:59 (11:59 PM) Monday through Sunday with the command at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat" (specify the location of your batch file).

C:\Program Files\Utility\Scripts>at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
Added a new job with job ID = 5

I could have used 00:00 to run the batch job at midnight, but I set it to run 1 minute before midnight to be sure that the date inserted in the name of the file is the one for the day that has just ended rather than the date of the new day.

If you want to see the details of scheduled batch jobs, you can just enter at without any parameters at the command line and hit return. You will then see all the scheduled batch jobs. There may be gaps in the ID numbers if some batch jobs have been deleted.

C:\Documents and Settings\Administrator>at
Status ID   Day                     Time          Command Line
-------------------------------------------------------------------------------
        1   Each M T W Th F S       7:30 PM       d:\backups\daily.bat
        2   Each Su                 7:30 PM       d:\backups\weekly.bat
        5   Each M T W Th F S Su    11:59 PM      "C:\program files\utility\scripts\rotatednslog.bat"

If you wish to delete a scheduled batch job you can use at id /delete, where id is the numeric ID assigned to a batch job. E.g., the rotatednslog batch job above could be deleted with at 5 /delete.
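As an added example (not the page's rotatednslog.bat, nor any script from MoonPoint), the same rotation with the checks an operator would want before a script that stops name resolution for a site runs unattended: it refuses to stop the service when the registry lookup fails or the log is missing, keeps a log path that contains spaces intact, takes the date from WMIC rather than from locale-dependent %DATE% substrings, and restarts the service even when the MOVE fails. The file name rotatednslog_checked.bat is an assumption.

```batch
@echo off
REM Added example, not the original rotatednslog.bat: rotate the Windows DNS
REM server log with checks the original lacks. Assumes the log path is stored
REM in the LogFilePath value under the DNS Parameters key, as on the page.
SETLOCAL ENABLEDELAYEDEXPANSION

SET "regkey=HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
SET "logfile="
REM tokens=2,* keeps everything after the REG_SZ type token, so a path that
REM contains spaces (e.g. C:\Program Files\...) is not cut short as tokens=3 would.
FOR /F "tokens=2,*" %%A IN ('reg query "%regkey%" /v LogFilePath 2^>nul ^| find /i "LogFilePath"') DO SET "logfile=%%B"
IF NOT DEFINED logfile (
    ECHO LogFilePath is not set in the registry; DNS logging may be disabled. Nothing to rotate.
    EXIT /B 1
)
IF NOT EXIST "%logfile%" (
    ECHO Log file "%logfile%" does not exist; nothing to rotate.
    EXIT /B 1
)

REM Build YYYYMMDD from WMIC, whose LocalDateTime starts with yyyymmdd in every
REM locale; the %DATE% substring offsets depend on the regional date format.
FOR /F "tokens=2 delims==" %%I IN ('wmic os get localdatetime /value') DO SET "dt=%%I"
SET "YYYYMMDD=%dt:~0,8%"

SET "renamedlog=!logfile:.log=_%YYYYMMDD%.log!"
IF EXIST "%renamedlog%" (
    ECHO "%renamedlog%" already exists; refusing to overwrite an earlier rotation.
    EXIT /B 1
)

NET STOP "DNS Server"
IF ERRORLEVEL 1 (
    ECHO Could not stop the DNS Server service; log left in place.
    EXIT /B 1
)

MOVE "%logfile%" "%renamedlog%"
SET "moverc=%ERRORLEVEL%"
REM Always restart the service, even if the MOVE failed, so a failed rotation
REM does not leave the site without name resolution.
NET START "DNS Server"
IF ERRORLEVEL 1 ECHO WARNING: DNS Server service did not restart; start it manually.
IF NOT "%moverc%"=="0" (
    ECHO Rotation failed: MOVE returned %moverc%.
    EXIT /B 1
)
ECHO Rotated "%logfile%" to "%renamedlog%".
EXIT /B 0
```

Because the script exits non-zero on every failure, a scheduled task's last-run result shows whether the rotation actually happened.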

[/network/dns/windows] permanent link

Sat, Nov 22, 2014 12:25 pm

Determining the location of a Microsoft Windows DNS log file from a command prompt

If you need to determine the location of the log file for a Microsoft Windows server functioning as a DNS server from the command line, you can do so through a reg query command.

C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

You can reduce the output displayed to just the line containing the log file location by piping the output of the reg query command into the find command.

C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
    LogFilePath    REG_SZ    d:\logs\dns\dns.log

If you wish to see just the log file location and not the other information returned by the reg query command, you can use a FOR /F loop command such as the following:

C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g
d:\logs\dns\dns.log

C:\>

The FOR /F loop breaks each line of output from the command being processed into items, called "tokens", that are separated by spaces. In this case, I'm only interested in the third token on the line of output, which is the location of the DNS log file. The output that is being processed is the result of piping the output of the reg query command into the find command. Since the pipe symbol, i.e., the vertical bar character |, has a special meaning for the Windows command processor, you need to place an "escape character", which for Windows is the caret symbol, ^, immediately before it. You also need to put the at symbol, @, before the echo command to avoid seeing the echo command itself as output.

If you wish to use a batch file to execute the commands to find the log file location, you need to replace the %g with %%g as shown below.

@echo off
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G

The registry key and the value to be queried can also be placed in environment variables. If you wish to query other registry keys instead of the one for the DNS log file location, you then only need to change those two variables, which makes it easier to see what has to be modified for other queries.

@echo off

REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command

set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set regvalue="LogFilePath"

FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO echo %%G

Download: queryreg.bat
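An added example (not the page's queryreg.bat) that generalizes the script above: the key and value name are passed as parameters, data containing spaces survives because tokens=2,* captures the rest of the line instead of only the third token, and a missing key or value produces a non-zero exit code instead of silent empty output. The script name queryregvalue.bat is an assumption.

```batch
@echo off
REM Added example, not the page's queryreg.bat: print just the data of a
REM registry value given the key and value name as parameters, e.g.
REM   queryregvalue.bat "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" LogFilePath
REM Exit code 0 when found, 1 on a usage error, 2 when the key or value is absent.
SETLOCAL
IF "%~2"=="" (
    ECHO Usage: %~nx0 ^<registry key^> ^<value name^>
    EXIT /B 1
)
SET "regkey=%~1"
SET "regvalue=%~2"
SET "data="
SET "type="

REM reg query prints "    ValueName    REG_TYPE    data". tokens=2,* puts the
REM type in %%A and the rest of the line in %%B, so data containing spaces is
REM preserved; the page's tokens=3 would stop at the first space.
REM find /i matches regardless of case, since reg query echoes the stored case.
FOR /F "tokens=2,*" %%A IN ('reg query "%regkey%" /v "%regvalue%" 2^>nul ^| find /i "%regvalue%"') DO (
    SET "type=%%A"
    SET "data=%%B"
)

IF NOT DEFINED type (
    ECHO Value "%regvalue%" not found under "%regkey%" 1>&2
    EXIT /B 2
)

REM ECHO( prints an empty line for empty data instead of "ECHO is off."
REM REG_EXPAND_SZ data is stored with its variable references unexpanded, so
REM for that type the expanded form is printed as well, via a second CALL expansion.
ECHO(%data%
IF /I "%type%"=="REG_EXPAND_SZ" CALL ECHO(%data%
EXIT /B 0
```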

[/network/dns/windows/logging] permanent link

Fri, Nov 21, 2014 11:09 pm

Windows DNS Log Analyser

If you've turned on logging for the DNS service provided on Microsoft Windows servers, a useful tool for analyzing the contents of the log file is Windows DNS Log Analyser, a small (about 1.44 MB), free program that understands the Microsoft Windows DNS server log file format and presents the information in a form that is easier to analyze.

[ More Info ]

[/network/dns/windows] permanent link

Thu, Nov 20, 2014 11:17 pm

Enabling DNS Logging on a Microsoft Windows SBS 2003 Server

DNS logging can be useful when trying to monitor what systems an infected system is trying to contact. The DNS log will show you what DNS queries were sent by the system to the DNS server to look up IP addresses for host names.

[ More Info ]

[/network/dns/windows] permanent link

Fri, Sep 25, 2009 7:09 pm

Windows XP System Not Using Primary DNS

After a user rebooted her system, email she sent to an internal POP3 email server was being rejected. When I checked the email server's log file, I found that it was rejecting the email because it saw the email coming from the outside address of the firewall. It saw the "to" address of the email message she was trying to send as one that was not destined for an account on the email server and rejected it with a "relaying denied" message. The email server was configured to allow relaying from the IP address of her PC, but since it saw the email coming through the external firewall, it rejected it.

When I tried pinging the internal email server, mail.example.com, from her system, instead of its internal address, 192.168.0.25, being used, I saw the external address for the firewall was being used. I checked her /windows/system32/drivers/etc/hosts file first. I didn't see any entry for mail.example.com there. Nor did I see the address cached on her system when I entered the command ipconfig /displaydns | find /i "mail.example.com" at a command prompt. So I used a sniffer to observe the network traffic from/to her system. I saw that her system was querying the DNS server configured as the secondary name server for her system, which was an external DNS server provided by her Internet Service Provider (ISP) rather than the internal name server on her LAN.

I tried ipconfig /flushdns, but that made no difference. Her system continued to query the secondary name server and didn't seem to ever cache the address for mail.example.com. When I tried ipconfig /registerdns, the system then queried the primary DNS server again.

The /registerdns argument to the ipconfig command "refreshes all DHCP leases and re-registers DNS names." The system had a static IP address, so the "re-registers DNS names" function of the command must have fixed the problem.

When she tried sending her email message again, though, it was rejected by the internal mail server. I had her restart her email client, Microsoft Outlook, and that resolved the problem. Apparently, Outlook also maintains its own cached information for the mail server it uses. I still didn't see the internal mail server's address cached when I issued an ipconfig /displaydns command, though.

The long term solution, though, to prevent the problem recurring would be to set up another internal DNS server to use as the secondary DNS server.


[/network/dns/windows] permanent link
