在解決這類問題時,首先要做的一件事是啟用DNS 调试日志。但是當你被迫查看调试日志時,你會有一個不愉快的體驗。通過使用PowerShell創建一個 DNS 调试日志解析腳本,可以讓它變得更加容易!
如何使用 PowerShell 构建 DNS 调试日志解析器
你有很多不同的選項來進行調試,但在我的情況下,我需要更多關於動態更新的信息。這是我的一個 DNS 服務器的配置。
啟用此功能後,它將在您指定的文件路徑下創建一個日志文件,其格式如下:
被標記的行的第一行是 IP 地址,最後一行是它嘗試更新的 DNS 記錄。由於明顯的原因,這些行被標記了出來。根據您選擇的選項,此日志文件可能會變得非常龐大,並且不容易閱讀。
如果我只想過濾出一個特定的 IP,或者按特定的時間範圍縮小範圍,該怎麼辦?你無法使用默認的日志文件達到這一點。這就是我使用 PowerShell 創建 DNS 調試日志解析腳本的原因。
下面的腳本將此日志文件解析為一個漂亮的 CSV 文件,格式如下:
這樣看起來好多了,對吧?該腳本會從日誌文件中查找任何錯誤並解析出日期、IP和錯誤信息,然後將其放入格式良好的CSV文件中。它還會排除所有DNS服務器的IP地址。
不知為何,無論您選擇哪個選項,我發現DNS服務器的IP地址仍然會出現。我只需要知道哪個客戶端IP地址在更新其DNS記錄時出現問題。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -Module ActiveDirectory | |
| $dnsServer = ‘‘ ## This is the server name as a NETBIOS or FQDN | |
| $OutputFilePath = ‘C:\DNSDebugLogSummary.csv‘ ## The CSV file that will be created | |
| ## The log file you specified in the debug logging dialog box | |
| $DnsDebugLogFilePath = “\$dnsServer\c$\DnsDebugLog.log“ | |
| ## Find all of the DNS server IPs in the current domain | |
| $DnsServerIPs = ((Get-ADDomain).ReplicaDirectoryServers | Resolve-DnsName).IPAddress | |
| Write-Verbose –Message “Found DNS servers $($DnsServerIPs -join ‘,‘)“ | |
| ## Find all lines in the log file that don’t contain the strings ‘NOERROR’ or are blank. This | |
| ## retrieves only the lines with errors in them. | |
| Select-String –Pattern ‘NOERROR|^\s*‘ –Path $DnsDebugLogFilePath -NotMatch | foreach { | |
| try { | |
| ## Find lines containing an IP address | |
| if ($_.Line -match ‘\b(?:\d{1,3}\.){3}\d{1,3}\b‘) { | |
| Write-Verbose –Message ‘Found line with IP address.‘ | |
| $IP = $Matches[0] | |
| ## If the IP isn’t a DNS server it must be a client IP | |
| if ($DnsServerIPs -notcontains $IP) { | |
| Write-Verbose “Processing IP ‘$IP‘“ | |
| $Split = $_.Line.Split(‘ ‘) | |
| $Date = $Split[0] | |
| $Time = $Split[1] + $Split[2] | |
| $Err = [regex]::Match($_.Line, ‘\[(.*)\]‘).Groups[1].Value | |
| [pscustomobject]@{ ‘Date‘ = “$Date $Time“; ‘IP‘ = $IP; ‘Error‘ = $Err } | |
| } | |
| } | |
| } catch { | |
| Write-Warning $_.Exception.Message | |
| } | |
| } | Export-Csv –Path $OutputFilePath –Append –NoTypeInformation |