Master DNS Debug Parsing: A PowerShell Guide

Published: 18 June 2019 - 1 min. read

One of the first things you should do when troubleshooting a problem like this is to enable DNS debug logging. But when you have to read the log file that debug logging creates, you’re in for a rude awakening. Make it easier by creating a DNS debug log parser script with PowerShell!

How to Build a DNS Debug Log Parser with PowerShell

You’ve got a ton of different options to debug, but in my case, I need more information regarding dynamic updates. This is what my configuration looks like on one of my DNS servers.

DNS Debug Logging

When this is enabled, the DNS server begins writing a log file at the file path you specify. The log looks like this:

DNS Debug Log

The first row of marked out lines is the IP address and the last row is the DNS record it attempted to update. These were marked out for obvious reasons. Depending on the options you choose, this log file can become enormous, and it isn’t in the easiest format to read.

What if I want to filter out just a single IP or narrow it down by a certain timeframe? You can’t do that with the default log file. This is why I created a DNS debug log parser script with PowerShell.

The script below takes this log file and parses it out into a nice CSV file that looks like this:

PowerShellified DNS Debug Log

That looks a whole lot better, right? The script looks through the log file for any errors and parses out the date, IP, and the error, and places it into a nicely formatted CSV. It also excludes all of the DNS server IPs.

For some reason, no matter which option you pick, I found that the DNS server IPs themselves kept showing up. I just need to know the client IP address that’s having a problem updating its DNS record.
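
The parsing described above, as an added example that is not the author's script: it keeps only packet lines whose response code is an error, drops the DNS servers' own addresses, and writes date, IP, error and record name to a CSV that can then be filtered by client or time window. The function name `ConvertFrom-DnsDebugLog`, its parameters, the assumed log-line layout (US-English date format) and the sample lines are all constructed for illustration.

```powershell
# Added example: names, log layout and sample data are assumptions, not the author's script.
function ConvertFrom-DnsDebugLog {
    param(
        [string[]]$Line,                  # raw lines from the debug log
        [string[]]$DnsServerIp = @()      # DNS server addresses to leave out
    )
    # Assumed packet-line layout: date time AM/PM, thread id, PACKET, buffer, protocol,
    # direction, remote IP, Xid, flags, [hex-flags RCODE], record type, (len)label name.
    $pattern = '^(?<When>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \S+ PACKET\s+\S+ ' +
               '(?:UDP|TCP) (?:Snd|Rcv) (?<IP>\S+)\s.*\[[^\]]*\s(?<RCode>[A-Z]+)\]\s+' +
               '(?<Type>\S+)\s+(?<Name>\S+)'
    foreach ($l in $Line) {
        # Skip header/blank lines, successful packets, and the DNS servers' own traffic.
        if ($l -match $pattern -and $Matches.RCode -ne 'NOERROR' -and
            $DnsServerIp -notcontains $Matches.IP) {
            [pscustomobject]@{
                Date   = [datetime]::ParseExact($Matches.When, 'M/d/yyyy h:mm:ss tt',
                             [cultureinfo]::InvariantCulture)
                IP     = $Matches.IP
                Error  = $Matches.RCode
                # "(8)client01(3)lab(5)local(0)" becomes "client01.lab.local"
                Record = ($Matches.Name -replace '\(\d+\)', '.').Trim('.')
            }
        }
    }
}

# Constructed sample lines (made-up addresses and names, not real log data).
$sample = @'
6/18/2019 9:14:02 AM 0E5C PACKET  000000D5A3F2B1C0 UDP Rcv 10.0.0.25       a1b2   U [0028       NOERROR] SOA    (8)client01(3)lab(5)local(0)
6/18/2019 9:14:02 AM 0E5C PACKET  000000D5A3F2B1C0 UDP Snd 10.0.0.25       a1b2 R U [05a8       REFUSED] SOA    (8)client01(3)lab(5)local(0)
6/18/2019 9:14:07 AM 0E5C PACKET  000000D5A41C77E0 UDP Snd 10.0.0.10       c3d4 R U [05a8       REFUSED] SOA    (4)dc01(3)lab(5)local(0)
6/18/2019 9:15:40 AM 0E5C PACKET  000000D5A4200110 UDP Snd 10.0.0.31       e5f6 R U [00a8       NOERROR] SOA    (8)client02(3)lab(5)local(0)
'@ -split '\r?\n'

# Parse, narrow to a time window, and export; 10.0.0.10 stands in for the DNS server.
$csv = Join-Path ([IO.Path]::GetTempPath()) 'dns-update-errors.csv'
ConvertFrom-DnsDebugLog -Line $sample -DnsServerIp '10.0.0.10' |
    Where-Object { $_.Date -ge [datetime]'2019-06-18 09:00' } |
    Export-Csv -Path $csv -NoTypeInformation
Import-Csv $csv | Format-Table
```

For a real log, pass `(Get-Content <path to the debug log>)` as `-Line` and adjust the date pattern if the server uses a different regional format.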
