Identify (log) DNS queries on client machine by process

Asked by Stuart Oram
Tags: Windows 10, DNS

I have seen entries in my DNS logs suggesting that I have a small but significant number of hits to some questionable domains on a daily basis from one particular client machine. This was seen on a previous Windows Vista machine which has now been retired and been replaced by a Windows 10 build which is now exhibiting the same symptoms. I'd like to get to the bottom of this by identifying/logging from the client machine which process(es) is making said DNS queries.
Given the nature of DNS transactions, it's unlikely I'm going to pick much up with the built-in Resource Monitor and the like.
Can anyone make any suggestions?
