Steps to enable DNS Query Logging on Windows systems

by Milan Stanojevic
Milan Stanojevic
Milan Stanojevic
Windows & Software Expert
Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he... read more
Updated on
Affiliate Disclosure
turn on DNS Query Logging
XINSTALL BY CLICKING THE DOWNLOAD FILE

To fix Windows PC system issues, you will need a dedicated tool

  • Download Fortect and install it on your PC
  • Start the tool's scanning process to look for corrupt files that are the source of your problem
  • Right-click on Start Repair so the tool can start the fixing algorithm
Download Now Fortect has been downloaded by 0 readers this month, rated 4.4 on TrustPilot
Illustration

Microsoft released a new version of the Sysmon tool. The company confirmed that Windows system monitor now supports DNS query logging.

This tool is developed by the CTO of Microsoft Azure Mark Russinovich, who announced the new feature on his official Twitter account. Russinovich attached a screenshot showing how the tool logs DNS queries and information.

Let’s discuss how Sysmon works. It basically monitors specific events currently on the system and then maintains their record in the event log.

But from now onwards, the new Sysmon version brings DNS query logging support. Interestingly, you can also spot which query initiated the program by looking at the “Image” value.

How to enable DNS logging on Windows

  1. Open the run dialogue box by hitting Windows+R keys.

Open Run

  1. Now type eventvwr.msc in the dialogue box and hit Enter. It will open the Event Viewer Window.
  2. At this step, navigate to Applications and Service Logs >> Microsoft >> Windows >> DNS Client Events >> Operational.DNS Client Events
  3. You will see Operational option, right click on it and click Enable Log.

Finally, DNS logging is now enabled on your system. 

Users are excited about this feature

Windows users are really excited about this new feature. Many users started commenting on the post about how the feature would be beneficial.

It looks like you get more data in one event with this vs the dns client log. If you are already using sysmon this is a big win. Don’t have to ask the windows team to turn on DNS client logs.

Another Windows user stated:

Yep so many times I had to fire up message analyzer to grab the process making the DNS request. Really exciting!

What do you think about DNS query logging feature in Windows system monitor? Let us know in the comments section below.

RELATED ARTICLES YOU NEED TO CHECK OUT:

DNS server not authoritative for zone error on Command Prompt [FIX]

Fix This: Your DNS Server Might be Unavailable in Windows 8, 8.1, 10

This article covers:Topics: