I need to decommission a 2008 server that was one of 4 DCs in the domain within the same subnet/site location. I was able to decom 2 others without issue for the most part, but the last one I did caused issues with a few static devices 'losing internet' when their statically assigned DNS server went missing.

I'm looking for a tool or a method of determining if a Windows DNS server is responding to client DNS requests. I also want to see if there is a way to determine the originating IP/subnet, if possible.

guntbert
Mike66350216

2 Answers

This is a manual method, but you can query the server for simple statistics in PowerShell with the Get-DnsServerStatistics command:

PS C:\Users\Administrator.DOMAIN> Get-DnsServerStatistics

TimeStatistics:
==============

TimeElapsedSinceLastClearedStatisticsBetweenRestart     01:15:58
LastClearTime                                           7/2/2020 10:34:02 PM
ServerStartTime                                         7/2/2020 10:34:02 PM
TimeElapsedSinceLastClearedStatistics                   04:11:44
TimeElapsedSinceServerStartBetweenRestart               01:15:58
TimeElapsedSinceServerStart                             04:11:44


QueryStatistics:
===============

TcpQueriesSent                                          0
UdpResponsesReceived                                    760
UdpQueries                                              271
UdpResponses                                            271
UdpQueriesSent                                          761
TcpResponsesReceived                                    0
TcpQueries                                              5
TcpResponses                                            5
TcpClientConnections                                    5

You're interested in QueryStatistics, Query2Statistics and RecursionStatistics. But the command outputs a lot more.

You can watch this for connections on the server. If the numbers are too high and you're too tired to do the math you can wipe out the statistics with Clear-DnsServerStatistics.

After this, everything will be zeroed. Give it some time, then check with Get-DnsServerStatistics whether anything hits the server again.

Vinícius Ferrão
  • Thank you VF - would you happen to know if there was a way to determine the originating IP or subnet? I will edit my question to include. Thank you! – Mike66350216 Jul 03 '20 at 14:44

Enable debug logging on the properties of the DNS server that will be decommissioned for: packet direction: incoming, packet contents: queries.

The IP address of the source will be included in the log.

Greg Askew
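
One way to turn that debug log into a per-client tally, added here as an example and not code from either answer. It assumes the usual packet-line layout of the Windows DNS debug log; the function name Get-DnsLogClient, the /24 grouping and the sample lines are made up for illustration.

```powershell
# Constructed sample in the layout of Windows DNS debug log packet lines; all
# addresses and names are made up. A real run would use Get-Content on the log file.
$sample = @'
7/3/2020 2:41:07 PM 0A1C PACKET  000000E5D1A3B0C0 UDP Rcv 10.20.30.41     4f2a   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
7/3/2020 2:41:07 PM 0A1C PACKET  000000E5D1A3B8E0 UDP Rcv 192.0.2.53      7d10 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
7/3/2020 2:41:09 PM 0A20 PACKET  000000E5D1A3C4F0 UDP Rcv 10.20.30.41     4f2b   Q [0001   D   NOERROR] AAAA   (3)www(7)example(3)com(0)
7/3/2020 2:42:15 PM 0A1C PACKET  000000E5D1A3D110 TCP Rcv 10.20.31.7      9c01   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(7)example(3)com(0)
7/3/2020 2:42:16 PM 0A20 EVENT   The DNS server has finished the background loading of zones.
'@ -split "`r?`n"

function Get-DnsLogClient {
    param(
        [string[]]$Line,                  # raw log lines
        [string[]]$ExcludeAddress = @()   # addresses to ignore, e.g. servers you already know about
    )
    # PACKET <id> UDP|TCP Rcv <remote IP> <xid> [R] <opcode> [flags] <type> <name>
    $pattern = 'PACKET\s+\S+\s+(?<proto>UDP|TCP)\s+Rcv\s+(?<ip>\S+)\s+[0-9a-f]{4}\s+' +
               '(?<resp>R\s+)?(?<op>[A-Z?])\s+\[[^\]]*\]\s+(?<type>\S+)\s+(?<name>\S+)'
    $queries = @(foreach ($l in $Line) {
        # Keep received queries only: a response carries an "R" before the opcode.
        if (($l -match $pattern) -and (-not $Matches['resp']) -and
            ($ExcludeAddress -notcontains $Matches['ip'])) {
            New-Object psobject -Property @{
                Client = $Matches['ip']
                # (3)www(7)example(3)com(0) -> www.example.com
                QName  = ($Matches['name'] -replace '\(\d+\)', '.').Trim('.')
            }
        }
    })
    $queries | Group-Object Client | Sort-Object Count -Descending | ForEach-Object {
        New-Object psobject -Property @{
            Client  = $_.Name
            # Assumption: /24 networks; adjust to the site's real subnet masks.
            Subnet  = $_.Name -replace '\.\d+$', '.0/24'
            Queries = $_.Count
            Names   = ($_.Group | ForEach-Object { $_.QName } | Sort-Object -Unique) -join ', '
        }
    } | Select-Object Client, Subnet, Queries, Names
}

Get-DnsLogClient -Line $sample | Format-Table -AutoSize
```

For a real log, pass `(Get-Content <path>)` as `-Line`, using the log file path set on the server's Debug Logging tab.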