{"id":353,"date":"2025-04-08T14:59:50","date_gmt":"2025-04-08T20:59:50","guid":{"rendered":"https:\/\/blog.d5.ca\/?p=353"},"modified":"2026-01-12T15:52:00","modified_gmt":"2026-01-12T22:52:00","slug":"logging-and-reviewing-dns-client-queries-in-windows-using-powershell","status":"publish","type":"post","link":"https:\/\/blog.d5.ca\/?p=353","title":{"rendered":"Logging and Reviewing DNS Client queries in Windows using PowerShell"},"content":{"rendered":"<p>By default, Windows does not log DNS queries, but the log can be enabled.<!--more--><\/p>\n<p>The DNS client log can be found in Event Viewer under:<br \/>\nApplications and Services Logs<br \/>\nMicrosoft<br \/>\nWindows<br \/>\nDNS Client Events<br \/>\nOperational<br \/>\nIn Event Viewer, right-click the log and select &#8220;Enable Log&#8221; to begin logging.<\/p>\n<p>To enable the log using PowerShell, with a maximum size of 16 MB:<\/p>\n<pre>$log = Get-WinEvent -ListLog 'Microsoft-Windows-DNS-Client\/Operational'\r\n$log.IsEnabled = $True\r\n$log.MaximumSizeInBytes = 16777216\r\n$log.SaveChanges()<\/pre>\n<p>To search the log for successful queries in PowerShell:<\/p>\n<pre>Get-WinEvent Microsoft-Windows-DNS-Client\/Operational | ?{$_.Id -like \"3008\"} | Out-GridView<\/pre>\n<p>To search for a specific domain, such as google.com:<\/p>\n<pre>Get-WinEvent Microsoft-Windows-DNS-Client\/Operational | ?{$_.Id -like \"3008\" -and $_.Message -like \"*google.com*\"} | Out-GridView<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>By default, Windows does not log DNS queries, but the log can be enabled.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[25],"tags":[38,37],"class_list":["post-353","post","type-post","status-publish","format-standard","hentry","category-reference","tag-dns","tag-windows"],"_links":{"self":[{"href":"https:\/\/blog.d5.ca\/index.php?rest_route=\/wp\/v2\/posts\/353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.d5.ca\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.d5.ca\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.d5.ca\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.d5.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=353"}],"version-history":[{"count":1,"href":"https:\/\/blog.d5.ca\/index.php?rest_route=\/wp\/v2\/posts\/353\/revisions"}],"predecessor-version":[{"id":354,"href":"https:\/\/blog.d5.ca\/index.php?rest_route=\/wp\/v2\/posts\/353\/revisions\/354"}],"wp:attachment":[{"href":"https:\/\/blog.d5.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.d5.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.d5.ca\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}