Parsing DNS Log files

This script parses the DNS log file and does a reverse lookup to see the DNS hostname of the device that did a DNS query

The Scenario

As part of an 2003 AD migration, the  requirements were to replace the 2003 DCs in an existing subnet with new DCs in a new subnet. Problem is that lots of things these days do DNS lookups and , if your not using DHCP to deliver DNS server addresses to the Clients, you need to go and change every DNS server entry on every statically assigned device. But it is worse than that Jim! you may well have devices off your LAN, via a firewall, that you are allowing to use your DNS servers. How do you know who and what they are? (Now some smart person will say: “of course you have that documented”. Yeah .. right… is the answer, for those of us that have inherited someone else’s environment)

The Plan

Simple plan

  1. Stand up your new Domain Controllers (AD integrated DNS on them of course)
  2. Change your DHCP Scope options, wait until all the leases have been renewed to point to the new domain controllers
  3. On the old domain controllers, turn on DNS logging Select and enable debug logging options on the DNS server
  4. Gather the log file and parse them using the script below

 

The Script

 

Leave a comment

Your email address will not be published. Required fields are marked *