The IP address of a DNS server is almost a in stone written number. That is because the client DNS settings contain the IP address of the DNS server. Some clients are configured via DHCP, others manually, other clients are not known for using this DNS server. But you want catch them all.
So if you come into the situation to relocate your DNS server on the network, build a new machine but you cannot take the IP with you or if you are in the middle of a Active Directory migration project and you have already changed the DHCP settings and you need to find all manually configured machines, especially the unknowns; you can turn on debugging in the Microsoft DNS.
First of all enable the DNS debug logging. Open the DNS management console and click on properties of DNS server. Go to the Debug Logging tab.
Enable Log packets for debugging but disable Outgoing under Packet direction.
Here the PowerShell script to process the debug files.
New-Variable -Name RegexIP -Force -Description "A regular expression object which matches and validates IP addresses." -Value ([regex]'(?<First>2[0-4]\d|25[0-5]|[01]?\d\d?)\.(?<Second>2[0-4]\d|25[0-5]|[01]?\d\d?)\.(?<Third>2[0-4]\d|25[0-5]|[01]?\d\d?)\.(?<Fourth>2[0-4]\d|25[0-5]|[01]?\d\d?)')
$Files = Get-Content "c:\system\DNS\log1.dns.txt"
$RegexIP.Matches($Files)|Group value | foreach {
$chkip=$_."Name"
try { [System.Net.Dns]::GetHostbyAddress($chkip).Hostname }
catch { write-host $chkip }
#write-host $_.Exception.Message
}
The script does two things. First it reads all IP addresses from the log file and group them, and in a second step it tries to get from DNS the hostnames. If it cannot find a hostname for a an IP address it will just list the IP address in the output list.
output example:
PS C:\system> .\ipstat.ps1
win5010.frontoso.com
win5014.frontoso.com
win5052.frontoso.com
win5510.group.frontoso.com
10.0.1.11
10.0.1.10
win5012.frontoso.com
Now you have a list you start from the top, to change the DNS settings of those machines.
Because not every machine is connected every day you may want run the debug more often or for a longer period of time.
If you have multiple DNS servers you can process them all at once. Just append the debug log file name to $Files, seperated all files names by comma
This article targets DNS but if you get a logfile from any other service you could use the same method to identify who is accessing your server/service. e.g. with IIS log files.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment