0

I have a Windows Server 2008 R2 box that served as our DNS server for some time. I built a new one awhile back and we've been haphazardly switching over to the new one. Is there a way to see what endpoints might still be requesting resolutions from the old DNS server? I'd like to turn that box off.

Thanks

SquishemQuick
  • 55
  • 1
  • 1
  • 4

2 Answers2

1

Start a packet capture on the old box with wireshark with a filter like:

dns and ip.dst==ip_of_your_server or dns and ip.src==ip_of_your_server
yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • I figured I might have to go down that road, I just thought there might be a log or something that would tell me that info. – SquishemQuick Jun 20 '16 at 18:12
  • @SquishemQuick You can install a audit tool, from MS (https://technet.microsoft.com/en-us/library/dn800669%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396) but in my opinion it's simplier to run a wireshark portable edition – yagmoth555 Jun 20 '16 at 18:18
1

Lots of direct logging in Windows DNS:

https://technet.microsoft.com/en-us/library/cc776361(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/cc759581(v=ws.10).aspx

Christopher_G_Lewis
  • 3,685
  • 22
  • 27