On windows Server environment, it could be useful to debug and save any DNS query submitted to your domain controllers/DNS servers.
There is an easy way to achieve this goal.
In fact you need to enable DNS debugging mode.
After this feature is enabled you can check logs and identify devices that are querying specific DNS entries/websites.
This approach it is useful, at first, about security interdipendence as well...
- Open DNS Manager (dnsmgmt.msc)
- Right-click the DNS server and click Properties.
- Click the Debug Logging tab.
- Select Log packets for debugging.
- Enter the File path and name, and Maximum size.
[related articles]
