
Disable DNS Debug Logging

 


# Script to disable DNS debug logging on remote domain controllers
# -----------------------------------------------------------

# Target domain controllers (FQDNs). Replace with your own list, load one from a
# file (e.g. Get-Content -Path .\dcs.txt), or build it from AD with
# Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$domainControllers = @(
    'DC1.example.com'
    'DC2.example.com'
    'DC3.example.com'
    # Add more DCs as needed, one per line
)

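# Function to disable DNS debug logging on a single remote DNS server
function Disable-DnsDebugLogging {
    <#
    .SYNOPSIS
        Disables DNS debug logging on one remote server over WinRM.
    .PARAMETER ServerName
        Host name or FQDN of the DNS server (domain controller) to change.
    .OUTPUTS
        [bool] $true when the remote script block did not report an error;
        $false when the server is unreachable over WinRM, Invoke-Command
        fails, or the remote script block returns an "Error: ..." message.
        A server whose DNS service is not running is printed in red but still
        returns $true (nothing was changed there) - this keeps the summary
        semantics the script has always used.
    .NOTES
        Side effects on the remote host: writes the DNS\Parameters registry
        values, runs dnscmd.exe /config when present, and updates the
        MicrosoftDNS_Server CIM instance. Per-server progress and results are
        written to the host with Write-Host.
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$ServerName
    )

    try {
        Write-Host "Connecting to $ServerName..." -ForegroundColor Yellow

        # Invoke-Command needs WinRM, not ICMP: a DC that drops ping but answers
        # WS-Man would be skipped by a Test-Connection check, while one that
        # answers ping with WinRM off would pass it and then fail later.
        if (-not (Test-WSMan -ComputerName $ServerName -ErrorAction SilentlyContinue)) {
            Write-Host "Cannot reach $ServerName over WinRM. Skipping..." -ForegroundColor Red
            return $false
        }

        # -ErrorAction Stop: a connection failure is otherwise a non-terminating
        # error, $result stays $null and the function would report success.
        $result = Invoke-Command -ComputerName $ServerName -ErrorAction Stop -ScriptBlock {
            try {
                # DNS Server service must exist and be running
                $dnsService = Get-Service -Name "DNS" -ErrorAction Stop
                if ($dnsService.Status -ne "Running") {
                    return "DNS Server service is not running on this server."
                }

                $paramsKey = "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
                if (-not (Test-Path -Path $paramsKey)) {
                    throw "Registry key $paramsKey does not exist."
                }

                # Debug-logging values to reset under DNS\Parameters
                $loggingSettings = @{
                    "EnableLogging" = 0
                    "LogFilePath" = ""
                    "LogFileMaxSize" = 0
                    "LogLevel" = 0
                }

                # -ErrorAction Stop is required here: by default a failed
                # Set-ItemProperty (e.g. access denied) is a non-terminating error,
                # the loop continues and the block would still report success.
                foreach ($key in $loggingSettings.Keys) {
                    Set-ItemProperty -Path $paramsKey -Name $key -Value $loggingSettings[$key] -ErrorAction Stop
                }

                # dnscmd.exe prints its status text to stdout. Left unsuppressed,
                # that text becomes part of the script block's output and $result
                # turns into an array; discard it and rely on the exit code instead.
                if (Get-Command dnscmd.exe -ErrorAction SilentlyContinue) {
                    $dnscmdCalls = @(
                        @('/config', '/LogLevel', '0'),
                        @('/config', '/LogFilePath', ''),
                        @('/config', '/LogFileMaxSize', '0')
                    )
                    foreach ($dnscmdArgs in $dnscmdCalls) {
                        $null = & dnscmd.exe @dnscmdArgs
                        if ($LASTEXITCODE -ne 0) {
                            throw "dnscmd.exe $($dnscmdArgs -join ' ') exited with code $LASTEXITCODE."
                        }
                    }
                }

                # Get-CimInstance returns CimInstance objects, which have no .Put()
                # method (that belongs to the legacy Get-WmiObject API), so calling
                # .Put() threw on every server exposing root\MicrosoftDNS.
                # Set-CimInstance is the CIM way to commit property changes.
                $dnsServerSetting = Get-CimInstance -Namespace "root\MicrosoftDNS" -ClassName "MicrosoftDNS_Server" -ErrorAction SilentlyContinue
                if ($dnsServerSetting) {
                    $eventLogging = @{
                        EnableLoggingForLocalLookupEvent     = $false
                        EnableLoggingForPluginDllEvent       = $false
                        EnableLoggingForRecursiveLookupEvent = $false
                        EnableLoggingForRemoteServerEvent    = $false
                        EnableLoggingForServerStartStopEvent = $false
                        EnableLoggingForTombstoneEvent       = $false
                        EnableLoggingForZoneDataWriteEvent   = $false
                        EnableLoggingForZoneLoadingEvent     = $false
                    }
                    Set-CimInstance -InputObject $dnsServerSetting -Property $eventLogging -ErrorAction Stop
                }

                return "DNS debug logging successfully disabled."
            }
            catch {
                return "Error: $_"
            }
        }

        # Collapse to a single string (defensive: any stray output from the
        # remote block would otherwise make $result an array and break -like).
        $message = "$result"
        $isProblem = ($message -like "Error:*" -or $message -like "DNS Server service is not*")
        $color = if ($isProblem) { "Red" } else { "Green" }
        Write-Host "${ServerName}: $message" -ForegroundColor $color
        return ($message -notlike "Error:*")
    }
    catch {
        Write-Host "Failed to connect to $ServerName. Error: $_" -ForegroundColor Red
        return $false
    }
}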

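# Main script execution
Write-Host "Starting DNS debug logging disable process on all domain controllers..." -ForegroundColor Cyan
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan

# Turning off DNS debug logging reduces what a domain controller records, so the
# run itself should be attributable: capture who ran it and when, and keep that
# in the exported results.
$runTimestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$operator = "$env:USERDOMAIN\$env:USERNAME"

# Success / Failed: counters for the summary. DCs: one record per server.
$results = @{
    Success = 0
    Failed = 0
    DCs = @()
}

foreach ($dc in $domainControllers) {
    $success = Disable-DnsDebugLogging -ServerName $dc

    if ($success) {
        $results.Success++
        $status = "Success"
    }
    else {
        $results.Failed++
        $status = "Failed"
    }

    # PSCustomObject rather than a hashtable so Select-Object / Export-Csv see
    # real properties instead of one opaque Hashtable object per row.
    $results.DCs += [pscustomobject]@{
        Name      = $dc
        Status    = $status
        Timestamp = $runTimestamp
        Operator  = $operator
    }
}

# Summary
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan
Write-Host "Summary:" -ForegroundColor Cyan
Write-Host "Total Domain Controllers: $($domainControllers.Count)" -ForegroundColor White
Write-Host "Successfully disabled logging: $($results.Success)" -ForegroundColor Green
Write-Host "Failed to disable logging: $($results.Failed)" -ForegroundColor $(if ($results.Failed -gt 0) { "Red" } else { "Green" })
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan

# Export results to CSV (skipped when nothing was processed, so an empty run
# does not claim a results file was written)
$exportPath = "$env:USERPROFILE\Desktop\DNSLoggingDisableResults.csv"
if ($results.DCs.Count -eq 0) {
    Write-Host "No domain controllers were processed; nothing to export." -ForegroundColor Yellow
}
else {
    try {
        $results.DCs |
            Select-Object @{Name="DomainController";Expression={$_.Name}}, Status, Timestamp, Operator |
            Export-Csv -Path $exportPath -NoTypeInformation -ErrorAction Stop
        Write-Host "Results exported to: $exportPath" -ForegroundColor Cyan
    }
    catch {
        Write-Host "Failed to export results to ${exportPath}: $_" -ForegroundColor Red
    }
}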