We have our AD servers logging DNS queries with debug information turned on. Obviously there is a lot of information in the logs. Couple of questions:
- Is there a full format description for the log entries I can find somewhere? Searching hasn't given me a lot except for high-level overviews of portions of the log entries rather than a full spec. It's somewhat self-describing, but I would still love to see a definition.
- Are queries logged serially? I'm reviewing an entry and the results are confusing to me. I'm wondering if perhaps portions (individual lines) from another query could be intermingled. In other words, from the UDP Snd ..... line, can I assume all text following it relates to that response until the next beginning-of-line timestamp (or Snd/Rcv line) appears?
Thanks,
Ray