Microsoft DNS Server

I'm looking for a way that I can run analysis on my internal DNS to see that host A record Bob was called x times and Mary was called y times.  This would be helpful in cleaning up those old static DNS entries made, which scavenging doesn't touch, and which ones are called a lot so I can improve performance.  This is currently on Server 2008 but will soon be on 2012 R2.

I have enabled logging per this site:  https://support.appriver.com/kb/a669/enable-dns-request-logging-for-windows-2003-and-above.aspx.

Are there native or 3rd party tools that will either give me this insight or perform analysis on the DNS logs?
jmachado81 Asked:

Jeremy Weisinger, Senior Network Consultant / Engineer, Commented:
There's probably a utility out there or a script. But off the top of my head you could do something like this:
$logfile = 'D:\dns.txt'
$dnsname = Read-Host 'Enter DNS name you want to check'
Get-Content $Logfile | Group {$_ -like "*$dnsname*"} -NoElement | ? {$_.name -eq "true"}

This will return the number of times the string you entered occurs in the log. If the domain is listed more than once per line or a single query generates multiple lines, then there will have to be some parsing that's done. If you post a snippet of the log then I could maybe write the parsing for you.
0

Stuart, Technical Architect - Cloud, Commented:
I haven't done this myself but the following link might point you in the right direction - https://social.technet.microsoft.com/Forums/windowsserver/en-US/b22e7a0d-03d9-4b38-94fb-1adc5e19941d/logmonitor-dns-queries-ws2008-r2-core
0
jmachado81 (Author) Commented:
That is great as it tells me if it was called, but is there a way to output the remote IP (192.168.129.20 below) so I don't have to open the large file and search for it manually if it is found true?  I placed a line below from the log.

9/22/2015 3:28:22 PM 10F0 PACKET  048825E0 UDP Rcv 192.168.129.20  bbdb   Q [0001   D   NOERROR] A     (6)server(10)domain(3)com(0)
0
jmachado81 (Author) Commented:
This is a good way to find a count of DNS name calls, but it does not provide the remote IPs making the calls.  That piece is important as we can fix configuration issues on that remote host if it's owned by us to update the DNS name thereby improving DNS.
0
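A parsing sketch for the log line quoted in the thread, as an added example that is not part of any participant's post: it decodes the length-prefixed name (`(6)server(10)domain(3)com(0)` becomes `server.domain.com`) and counts received queries per name, record type and client IP. The function name `Get-DnsQueryStat` and the sample lines are constructed for illustration, and the field layout is assumed from the single line the asker posted.

```powershell
# Constructed sample lines in the format of the line quoted in the thread.
$sample = @'
9/22/2015 3:28:22 PM 10F0 PACKET  048825E0 UDP Rcv 192.168.129.20  bbdb   Q [0001   D   NOERROR] A     (6)server(10)domain(3)com(0)
9/22/2015 3:28:22 PM 10F0 PACKET  048825E0 UDP Snd 192.168.129.20  bbdb R Q [8081   DR  NOERROR] A     (6)server(10)domain(3)com(0)
9/22/2015 3:29:01 PM 10F0 PACKET  04882AA0 UDP Rcv 192.168.129.20  bbdc   Q [0001   D   NOERROR] A     (6)server(10)domain(3)com(0)
9/22/2015 3:29:05 PM 10F4 PACKET  04882BB0 UDP Rcv 192.168.129.31  1a2b   Q [0001   D   NOERROR] A     (6)SERVER(10)domain(3)com(0)
9/22/2015 3:30:10 PM 10F4 PACKET  04882CC0 UDP Rcv 192.168.129.31  1a2c   Q [0001   D   NOERROR] A     (3)old(10)domain(3)com(0)
'@ -split "`r?`n"

function Get-DnsQueryStat {
    param(
        [Parameter(ValueFromPipeline = $true)][string]$Line,
        [string]$Name   # optional: only count this host name, e.g. server.domain.com
    )
    begin {
        # Received queries only: "Rcv", client IP, 4-hex-digit Xid, then "Q" with no "R" (response) flag.
        $pattern = 'PACKET\s+\S+\s+(?:UDP|TCP)\s+Rcv\s+(?<ip>\S+)\s+[0-9A-Fa-f]{4}\s+Q\s+' +
                   '\[[^\]]*\]\s+(?<type>\S+)\s+(?<name>\(\d+\)\S*)'
        $counts = @{}
    }
    process {
        if ($Line -match $pattern) {
            # Turn the (len)label(len)label(0) form into a dotted, lower-case name.
            $qname = ($Matches['name'] -replace '\(\d+\)', '.').Trim('.').ToLower()
            if ($Name -and $qname -ne $Name.ToLower()) { return }
            $key = '{0}|{1}|{2}' -f $qname, $Matches['type'], $Matches['ip']
            $counts[$key] = [int]$counts[$key] + 1
        }
    }
    end {
        foreach ($key in $counts.Keys) {
            $n, $t, $ip = $key -split '\|'
            New-Object PSObject -Property @{ Name = $n; Type = $t; Client = $ip; Count = $counts[$key] }
        }
    }
}

$stats = $sample | Get-DnsQueryStat
# Who asked for what, and how often.
$stats | Sort-Object Count -Descending | Format-Table Name, Type, Client, Count -AutoSize
# Total per name, to spot records nobody queries any more.
$stats | Group-Object Name |
    Select-Object Name, @{ n = 'Total'; e = { ($_.Group | Measure-Object Count -Sum).Sum } }

# Against the real log from the thread, filtered to one name:
# Get-Content 'D:\dns.txt' | Get-DnsQueryStat -Name 'server.domain.com'
```

A name that never appears in the output was not queried during the logging window only; a record used monthly or by a cached resolver can still look idle in a short capture.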
Question has a verified solution.