Who made a DNS Record?


A. Help

Is there a way to tell which host on my network made a request to a specific
web site by looking at the cached dns lookups on our server? I have a user
that keeps going to the site xxx.com and I want to know who keeps trying to
get to it.

Thanks.
 
A. Help said:
Is there a way to tell which host on my network made a request to a
specific web site by looking at the cached dns lookups on our server?
I have a user that keeps going to the site xxx.com and I want to know
who keeps trying to get to it.

Thanks.

Enable DNS logging, but if you want to stop access to the site, block it at
the firewall.
 
Open up the DNS icon.
There is a cache file for every site visited.
There you will find what you need.
Good luck,
sal
 
AH> Is there a way to tell which host on my network made a request
AH> to a specific web site by looking at the cached dns lookups on
AH> our server?

No. All that the DNS log will tell you is which machines issued a DNS query
against the domain name "xxx.com." via your proxy DNS server. It won't tell
you whether the result of that query was then used by a web browser to connect
to an HTTP server, and it won't tell you which machines performed that lookup
via someone else's proxy DNS server.

Your best approach is to set up a caching proxy HTTP server for your
organization, force all web browsing traffic to go through it, and to then
read your proxy HTTP server's logs. That _will_ tell you exactly what you
want to know (which is what machines actually requested and obtained a
particular web page). You must also announce to your users that all web
access using your organization's facilities will be going through a proxy HTTP
server, whose logs _will_ be read. (This in itself may well have the
deterrent effect that you appear to be seeking.)

Notice that that doesn't involve DNS service at all. What you want to know
involves the (mis-)use of HTTP service, so how you find it out involves the
management _of your HTTP services_, not the management of your DNS services.
It is the downloading of web pages, not the looking up of domain names, that
you are trying to track.
 
Hi,

Follow these steps:

1. Open DNS Management Console
2. Right-click the server icon and select 'Properties'
3. Go to the Logging tab and select the required logs
4. Examine the logfile (system32\dns\dns.log) after a period
 
Enable DNS logging from the Logging tab on the properties of the DNS server in the DNS MMC. Check the logs for the web site in question, and the source IP address of the request will be listed as well.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
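
Added example, not part of the original posts: a small Python parser that pulls the source IP of every client query for a domain out of dns.log, as the replies above describe. The PACKET line layout, the sample lines and the function names are assumptions made for this sketch; adjust the pattern to the lines your server actually writes.

```python
import re
from collections import Counter

# Constructed sample. Assumed layout of a DNS debug-log PACKET line:
# <date> <time> <thread> PACKET <ctx> <proto> <Rcv|Snd> <remote IP> <xid> [R] <opcode> [flags] <type> <name>
SAMPLE_LOG = """\
6/10/2004 10:00:01 AM 0E6C PACKET  028657F0 UDP Rcv 192.168.1.25    6b1f   Q [0001   D   NOERROR] A      (3)www(3)xxx(3)com(0)
6/10/2004 10:00:01 AM 0E6C PACKET  02865A10 UDP Snd 198.51.100.53   1c02   Q [0000       NOERROR] A      (3)www(3)xxx(3)com(0)
6/10/2004 10:00:01 AM 0E6C PACKET  02865C30 UDP Rcv 198.51.100.53   1c02 R Q [8084 A     NOERROR] A      (3)www(3)xxx(3)com(0)
6/10/2004 10:00:01 AM 0E6C PACKET  028657F0 UDP Snd 192.168.1.25    6b1f R Q [8081   DR  NOERROR] A      (3)www(3)xxx(3)com(0)
6/10/2004 10:04:12 AM 0E6C PACKET  02866E50 UDP Rcv 192.168.1.40    77a0   Q [0001   D   NOERROR] A      (3)xxx(3)com(0)
6/10/2004 10:05:30 AM 0E6C PACKET  02867070 UDP Rcv 192.168.1.31    0b2e   Q [0001   D   NOERROR] A      (6)notxxx(3)com(0)
6/10/2004 10:09:47 AM 0E6C PACKET  02867290 UDP Rcv 192.168.1.25    6b3a   Q [0001   D   NOERROR] A      (3)WWW(3)XXX(3)COM(0)
"""

PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>[0-9A-Fa-f.:]+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R\s+)?(?P<opcode>\S)\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)"
)

def decode_name(raw):
    """Turn the length-prefixed form '(3)www(3)xxx(3)com(0)' into 'www.xxx.com'."""
    labels = re.findall(r"\((\d+)\)([^()]*)", raw)
    return ".".join(text for _, text in labels if text).lower()

def clients_querying(log_text, domain):
    """Count, per source IP, the queries this server received for domain or its subdomains."""
    domain = domain.rstrip(".").lower()
    hits = Counter()
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        # Keep only queries received from clients: skip anything the server sent
        # (Snd) and any response (R flag) coming back from an upstream server.
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        name = decode_name(m["name"])
        # Match on a label boundary so 'notxxx.com' is not counted as 'xxx.com'.
        if name == domain or name.endswith("." + domain):
            hits[m["ip"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, count in sorted(clients_querying(SAMPLE_LOG, "xxx.com").items()):
        print(f"{ip}\t{count} queries")
```

The result lists only machines that sent the lookup to this DNS server; it does not show whether a browser then fetched a page.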
 
Thanks for all the info. I selected all the logs on the Logging Tab, but
the dns.log file is empty. Any suggestions?


Thanks.
 