I currently have my network set up to do all DNS through our 2003 Server, and now that there is a cache, I'd like to pull some reports on it. I am a .NET developer and my idea is to parse a file and dump it into SQL Server.
The problem is that I don't know where Server stores the Cache. Can anyone lead me in the right direction?
I believe it is all in memory.
I know you can use the dnscmd to dump the cache with a command like this:
You can view the contents of the cache with the DNS MMC. From the View menu make sure the 'Advanced' option is checked. You can then click on a server and under that will be a folder named 'Cached Lookups'.
There will be a performance cost, but what you may actually want to do is enable the debug logging and then run reports against the log file, instead of trying to look at just the cache.
To configure debug logging, open up the DNS manager and right-click on the server. There is a tab 'Debug Logging'. Set the path for the log file and check the boxes to log what you want to see.
If you need to look at HTTP requests only, you'll have to use some sort of proxy or other network tool.
You could configure a server to be the gateway router and use a tool like Wireshark to analyze the traffic.
Another option is to use a feature of some managed network switches called port mirroring. You can mirror the traffic of the port of your existing gateway router to the port of another machine and use Wireshark to capture the data.
I believe the cache exists only in memory since the records in the cache are transient and will expire based on the TTL of the records. Anyone know anything different?
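The debug-log reporting suggested above, sketched as an added example that is not part of the original thread: it parses packet lines from a DNS debug log into rows and counts which names each client queried. The `PACKET` line layout is an assumption (it varies between Windows Server versions, so check it against the field key at the top of your own log), the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the assumed PACKET layout; not taken from a real server.
SAMPLE_LOG = """\
6/5/2013 10:00:02 AM 0E48 PACKET  000000000A3B1C20 UDP Rcv 10.0.0.5        a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2013 10:00:02 AM 0E48 PACKET  000000000A3B1C20 UDP Snd 10.0.0.5        a1b2 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2013 10:00:07 AM 0E48 PACKET  000000000A3B1D40 UDP Rcv 10.0.0.9        77c0   Q [0001   D   NOERROR] AAAA   (4)mail(7)example(3)org(0)
6/5/2013 10:00:09 AM 0E4C EVENT   The DNS server has started.
6/5/2013 10:00:11 AM 0E48 PACKET  000000000A3B1E60 UDP Rcv 10.0.0.5        a1b9   Q [0001   D   NOERROR] A      (3)WWW(7)example(3)com(0)
"""

# Assumed field order: timestamp, thread id, PACKET, optional packet id, protocol,
# direction, remote IP, Xid, optional R (response), opcode, [flags], optional type, name.
PACKET_RE = re.compile(
    r"^(?P<ts>.+?)\s+[0-9A-Fa-f]{3,4}\s+PACKET\s+(?:[0-9A-Fa-f]{8,16}\s+)?"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+"
    r"(?P<resp>R)?\s*(?P<opcode>[A-Z?])\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?:(?P<qtype>[A-Z0-9]+)\s+)?(?P<name>(?:\(\d+\)[^()\s]*)+)\s*$"
)

def decode_name(encoded):
    """Turn the length-prefixed form (3)www(7)example(3)com(0) into www.example.com."""
    labels = [l for l in re.findall(r"\(\d+\)([^()\s]*)", encoded) if l]
    return ".".join(labels).lower() or "."

def parse_log(text):
    """Return one dict per PACKET line; EVENT lines and anything unparsable are skipped."""
    rows = []
    for line in text.splitlines():
        m = PACKET_RE.match(line)
        if m:
            rows.append({
                "timestamp": m["ts"], "protocol": m["proto"], "direction": m["dir"],
                "client_ip": m["ip"], "xid": m["xid"], "response": m["resp"] == "R",
                "qtype": m["qtype"], "name": decode_name(m["name"]),
            })
    return rows

def queries_per_client(rows):
    """Count names each client asked for: received packets that are not responses."""
    return Counter((r["client_ip"], r["name"]) for r in rows
                   if r["direction"] == "Rcv" and not r["response"])

if __name__ == "__main__":
    for (ip, name), n in queries_per_client(parse_log(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  {ip:15s}  {name}")
```

Each dict returned by `parse_log` maps directly onto one row of a reporting table, so the same fields can be bulk-inserted into SQL Server instead of being counted in memory.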