Disable DNS Debug Logging
# Script to disable DNS debug logging on remote domain controllers
# -----------------------------------------------------------
# Define list of domain controllers
# You can replace this with your actual list or import from a file
# Target servers, processed one at a time in the order listed.
# Each entry is handed to Test-Connection and Invoke-Command as a computer name.
$domainControllers = @(
    'DC1.example.com'
    'DC2.example.com'
    'DC3.example.com'
    # Add more DCs as needed
)
# Function to disable DNS debug logging
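function Disable-DnsDebugLogging {
    <#
    .SYNOPSIS
    Turns off DNS Server debug logging and the listed DNS event categories on one remote server.

    .DESCRIPTION
    Pings the server, then runs a script block on it through PowerShell remoting
    (Invoke-Command). The remote block zeroes the logging values under
    HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters, repeats the change with
    dnscmd.exe when it is present, and switches off the EnableLoggingFor*Event
    options with Set-DnsServerDiagnostics when that cmdlet is present.

    What is switched off is the DNS debug log plus DNS event categories (server
    start/stop, zone data write, zone loading and others), which is telemetry
    that detection and incident response on a domain controller may rely on.
    The function does not record the previous values, so capture them first if
    the change has to be reviewed or reverted.

    .PARAMETER ServerName
    Name of the server to change; passed to Test-Connection and Invoke-Command.

    .OUTPUTS
    System.Boolean. $true only when the remote block reported success; $false when
    the server did not answer the ping, remoting failed, the DNS service was not
    running, or any step raised an error.
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$ServerName
    )

    try {
        Write-Host "Connecting to $ServerName..." -ForegroundColor Yellow

        # Reachability is a single ICMP echo: a host that drops ICMP is skipped
        # even if its remoting endpoint would have answered.
        if (-not (Test-Connection -ComputerName $ServerName -Count 1 -Quiet)) {
            Write-Host "Cannot reach $ServerName. Skipping..." -ForegroundColor Red
            return $false
        }

        # -ErrorAction Stop: a remoting failure is otherwise a non-terminating error,
        # which left $result empty and let the empty result be counted as success.
        $result = Invoke-Command -ComputerName $ServerName -ErrorAction Stop -ScriptBlock {
            try {
                $dnsServer = Get-Service -Name "DNS" -ErrorAction Stop
                if ($dnsServer.Status -ne "Running") {
                    return "DNS Server service is not running on this server."
                }

                $parametersKey = "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

                # Existence/readability check only; a failure lands in the catch below
                # before anything is modified.
                $null = Get-ItemProperty $parametersKey -ErrorAction Stop

                $loggingSettings = @{
                    "EnableLogging" = 0
                    "LogFilePath" = ""
                    "LogFileMaxSize" = 0
                    "LogLevel" = 0
                }

                # -ErrorAction Stop so a rejected registry write is reported instead
                # of being followed by a success message.
                foreach ($key in $loggingSettings.Keys) {
                    Set-ItemProperty $parametersKey -Name $key -Value $loggingSettings[$key] -ErrorAction Stop
                }

                # Best-effort repeat through dnscmd.exe. Its console output is discarded
                # so the only object this script block returns is the status message.
                # NOTE(review): Windows PowerShell may drop the empty-string argument on
                # the LogFilePath call, so dnscmd might not receive a value - confirm.
                if (Get-Command dnscmd.exe -ErrorAction SilentlyContinue) {
                    & dnscmd.exe /config /LogLevel 0 | Out-Null
                    & dnscmd.exe /config /LogFilePath "" | Out-Null
                    & dnscmd.exe /config /LogFileMaxSize 0 | Out-Null
                }

                # The original set these flags on a root\MicrosoftDNS CIM instance and
                # called .Put(). Objects from Get-CimInstance have no Put() method, so
                # that step threw after the registry had already been changed. The
                # EnableLoggingFor*Event names are Set-DnsServerDiagnostics parameters,
                # so the same switches are applied through that cmdlet instead.
                if (Get-Command Set-DnsServerDiagnostics -ErrorAction SilentlyContinue) {
                    $eventLogging = @{
                        EnableLoggingForLocalLookupEvent     = $false
                        EnableLoggingForPluginDllEvent       = $false
                        EnableLoggingForRecursiveLookupEvent = $false
                        EnableLoggingForRemoteServerEvent    = $false
                        EnableLoggingForServerStartStopEvent = $false
                        EnableLoggingForTombstoneEvent       = $false
                        EnableLoggingForZoneDataWriteEvent   = $false
                        EnableLoggingForZoneLoadingEvent     = $false
                    }
                    Set-DnsServerDiagnostics @eventLogging -ErrorAction Stop
                }

                return "DNS debug logging successfully disabled."
            }
            catch {
                return "Error: $_"
            }
        }

        # Judge the outcome on the final status string only. Applying -like/-notlike
        # to a multi-element result filters it instead of testing it, which made any
        # extra output read as success.
        $message = [string]($result | Select-Object -Last 1)
        $failed = [string]::IsNullOrEmpty($message) -or
            ($message -like "Error:*") -or
            ($message -like "DNS Server service is not*")

        # ${ServerName}: a bare "$ServerName:" inside a double-quoted string is parsed
        # as a scope-qualified variable reference and does not parse.
        $color = if ($failed) { "Red" } else { "Green" }
        Write-Host "${ServerName}: $message" -ForegroundColor $color

        # A stopped DNS service is shown in red above, so it is also reported as a
        # failure to the caller rather than counted as a success.
        return (-not $failed)
    }
    catch {
        Write-Host "Failed to connect to $ServerName. Error: $_" -ForegroundColor Red
        return $false
    }
}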
# Main script execution
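# Run the change against every listed domain controller, print a summary and
# write a per-server CSV record of the outcome.
Write-Host "Starting DNS debug logging disable process on all domain controllers..." -ForegroundColor Cyan
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan

# Success / Failed are counters; DCs collects one record per server for the CSV.
$results = @{
    Success = 0
    Failed = 0
    DCs = @()
}

foreach ($dc in $domainControllers) {
    $success = Disable-DnsDebugLogging -ServerName $dc
    if ($success) {
        $results.Success++
        $status = "Success"
    }
    else {
        $results.Failed++
        $status = "Failed"
    }

    # A PSCustomObject rather than a hashtable: Select-Object reads properties, and
    # hashtable keys are not properties, so the Status column was exported empty.
    $results.DCs += [pscustomobject]@{Name = $dc; Status = $status}
}

# Summary
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan
Write-Host "Summary:" -ForegroundColor Cyan
Write-Host "Total Domain Controllers: $($domainControllers.Count)" -ForegroundColor White
Write-Host "Successfully disabled logging: $($results.Success)" -ForegroundColor Green
Write-Host "Failed to disable logging: $($results.Failed)" -ForegroundColor $(if ($results.Failed -gt 0) { "Red" } else { "Green" })
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan

# Export results to CSV; the file is the only record this script keeps of which
# servers had their logging settings changed.
$exportPath = "$env:USERPROFILE\Desktop\DNSLoggingDisableResults.csv"
$results.DCs | Select-Object @{Name="DomainController";Expression={$_.Name}}, Status | Export-Csv -Path $exportPath -NoTypeInformation
Write-Host "Results exported to: $exportPath" -ForegroundColor Cyan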
Script that contains a dialog box to paste the list of Domain Controllers.
I've created a comprehensive PowerShell script with a user-friendly dialog box interface that allows you to:
1. Paste in your list of domain controllers
2. Review the list before proceeding
3. Disable only DNS debug logging while maintaining regular DNS logging
4. Get real-time feedback on the progress
5. View a summary of results
6. Export results to a CSV file for documentation
To use the script:
1. Copy the entire script to a PowerShell script file (.ps1)
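2. Run the script with sufficient privileges (Run as Administrator); because the settings are changed through PowerShell remoting, the account also needs administrative rights on each domain controller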
3. When the dialog box appears, paste your list of domain controllers (one per line)
4. Click OK to proceed
5. Confirm your selection when prompted
6. Review the results in the console and optionally in the exported CSV file
The script checks that each server answers a ping before it attempts to modify settings, and it reports every success and failure in the console.
# Script to disable DNS debug logging while maintaining regular logging on remote domain controllers
# -----------------------------------------------------------
# Function to show an input dialog and get domain controller list
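function Get-DomainControllerList {
    <#
    .SYNOPSIS
    Shows a dialog with a multi-line text box and returns the server names typed or pasted into it.

    .DESCRIPTION
    Builds a fixed-size Windows Forms dialog with a label, a multi-line text box
    and OK / Cancel buttons. The text box starts with three example names, all
    selected, so pasting replaces them; pressing OK without editing returns the
    example names unchanged.

    .OUTPUTS
    System.String. One string per non-blank line when OK is pressed, with
    surrounding whitespace removed. $null when the dialog is cancelled. When OK is
    pressed with no usable lines nothing is emitted, which an assigning caller
    also sees as $null.
    #>
    Add-Type -AssemblyName System.Windows.Forms
    Add-Type -AssemblyName System.Drawing

    $form = New-Object System.Windows.Forms.Form
    try {
        $form.Text = "DNS Debug Logging Disable Tool"
        $form.Size = New-Object System.Drawing.Size(600, 400)
        $form.StartPosition = "CenterScreen"
        $form.FormBorderStyle = "FixedDialog"
        $form.MaximizeBox = $false

        $label = New-Object System.Windows.Forms.Label
        $label.Location = New-Object System.Drawing.Point(10, 10)
        $label.Size = New-Object System.Drawing.Size(580, 40)
        $label.Text = "Enter the list of domain controllers (one per line):"
        $form.Controls.Add($label)

        $textBox = New-Object System.Windows.Forms.TextBox
        $textBox.Location = New-Object System.Drawing.Point(10, 50)
        $textBox.Size = New-Object System.Drawing.Size(560, 240)
        $textBox.Multiline = $true
        $textBox.ScrollBars = "Vertical"
        $form.Controls.Add($textBox)

        $okButton = New-Object System.Windows.Forms.Button
        $okButton.Location = New-Object System.Drawing.Point(380, 310)
        $okButton.Size = New-Object System.Drawing.Size(75, 23)
        $okButton.Text = "OK"
        $okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
        $form.Controls.Add($okButton)
        $form.AcceptButton = $okButton

        $cancelButton = New-Object System.Windows.Forms.Button
        $cancelButton.Location = New-Object System.Drawing.Point(470, 310)
        $cancelButton.Size = New-Object System.Drawing.Size(75, 23)
        $cancelButton.Text = "Cancel"
        $cancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
        $form.Controls.Add($cancelButton)
        $form.CancelButton = $cancelButton

        # Example text as placeholder
        $textBox.Text = "DC1.example.com`r`nDC2.example.com`r`nDC3.example.com"

        # Focus the text box and select the placeholder so a paste replaces it
        $form.Add_Shown({
            $textBox.Select()
            $textBox.SelectAll()
        })

        $result = $form.ShowDialog()
        if ($result -ne [System.Windows.Forms.DialogResult]::OK) {
            return $null
        }

        # Split on CRLF or bare LF (pasted text is not always CRLF) and trim each
        # line, so stray whitespace does not end up inside a computer name that is
        # later handed to Invoke-Command.
        return $textBox.Text -split '\r?\n' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -ne "" }
    }
    finally {
        # Release the window handle and child controls on every exit path.
        $form.Dispose()
    }
}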
# Function to disable DNS debug logging only
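function Disable-DnsDebugLogging {
    <#
    .SYNOPSIS
    Turns off DNS Server debug logging and a subset of DNS diagnostics options on one remote server.

    .DESCRIPTION
    Pings the server, then runs a script block on it through PowerShell remoting
    (Invoke-Command). The remote block sets LogLevel to 0 under
    HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters, repeats that with
    dnscmd.exe when it is present, and switches off the diagnostics options listed
    in the body with Set-DnsServerDiagnostics when that cmdlet is present.

    The local-lookup, recursive-lookup, zone-data-write and zone-loading options
    are left untouched. The function does not record the previous values, so
    capture them first if the change has to be reviewed or reverted.

    .PARAMETER ServerName
    Name of the server to change; passed to Test-Connection and Invoke-Command.

    .OUTPUTS
    System.Boolean. $true only when the remote block reported success; $false when
    the server did not answer the ping, remoting failed, the DNS service was not
    running, or any step raised an error.
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$ServerName
    )

    try {
        Write-Host "Connecting to $ServerName..." -ForegroundColor Yellow

        # Reachability is a single ICMP echo: a host that drops ICMP is skipped
        # even if its remoting endpoint would have answered.
        if (-not (Test-Connection -ComputerName $ServerName -Count 1 -Quiet)) {
            Write-Host "Cannot reach $ServerName. Skipping..." -ForegroundColor Red
            return $false
        }

        # -ErrorAction Stop: a remoting failure is otherwise a non-terminating error,
        # which left $result empty and let the empty result be counted as success.
        $result = Invoke-Command -ComputerName $ServerName -ErrorAction Stop -ScriptBlock {
            try {
                $dnsServer = Get-Service -Name "DNS" -ErrorAction Stop
                if ($dnsServer.Status -ne "Running") {
                    return "DNS Server service is not running on this server."
                }

                # LogLevel 0 = no debug logging; the other values under this key are
                # not modified.
                Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters" -Name "LogLevel" -Value 0 -ErrorAction Stop

                # Best-effort repeat through dnscmd.exe. Its console output is discarded
                # so the only object this script block returns is the status message.
                if (Get-Command dnscmd.exe -ErrorAction SilentlyContinue) {
                    & dnscmd.exe /config /LogLevel 0 | Out-Null
                }

                # The original also set four of these flags on a root\MicrosoftDNS CIM
                # instance and called .Put(). Objects from Get-CimInstance have no
                # Put() method, so that step threw after the registry had already been
                # changed. The same four flags are covered by the cmdlet call below.
                if (Get-Command Set-DnsServerDiagnostics -ErrorAction SilentlyContinue) {
                    # Parameter names as Set-DnsServerDiagnostics spells them: the
                    # event options end in "Event" (singular). The plural forms in the
                    # original list made parameter binding fail on every run.
                    # Two original entries (EnableLoggingForUdpTransportEvents,
                    # EnableLoggingForUnmatchedResponse) match no parameter of the
                    # cmdlet and are omitted.
                    # NOTE(review): -UdpPackets / -UnmatchedResponse may be what was
                    # meant; LogLevel 0 above presumably clears those filters - confirm.
                    # NOTE(review): the four *Event options are event-log categories,
                    # not debug-log settings - confirm they are meant to be turned off.
                    $diagnosticsToDisable = @(
                        'EnableLogFileRollover',
                        'EnableLoggingForPluginDllEvent',
                        'EnableLoggingForRemoteServerEvent',
                        'EnableLoggingForServerStartStopEvent',
                        'EnableLoggingForTombstoneEvent',
                        'EnableLoggingToFile'
                    )

                    # Build the splatting table: every listed option is set to $false
                    $params = @{}
                    foreach ($option in $diagnosticsToDisable) {
                        $params[$option] = $false
                    }

                    Set-DnsServerDiagnostics @params -ErrorAction Stop
                }

                return "DNS debug logging successfully disabled while maintaining regular DNS logging."
            }
            catch {
                return "Error: $_"
            }
        }

        # Judge the outcome on the final status string only. Applying -like/-notlike
        # to a multi-element result filters it instead of testing it, which made any
        # extra output read as success.
        $message = [string]($result | Select-Object -Last 1)
        $failed = [string]::IsNullOrEmpty($message) -or
            ($message -like "Error:*") -or
            ($message -like "DNS Server service is not*")

        # ${ServerName}: a bare "$ServerName:" inside a double-quoted string is parsed
        # as a scope-qualified variable reference and does not parse.
        $color = if ($failed) { "Red" } else { "Green" }
        Write-Host "${ServerName}: $message" -ForegroundColor $color

        # A stopped DNS service is shown in red above, so it is also reported as a
        # failure to the caller rather than counted as a success.
        return (-not $failed)
    }
    catch {
        Write-Host "Failed to connect to $ServerName. Error: $_" -ForegroundColor Red
        return $false
    }
}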
# Main script execution
# Show dialog box to get domain controller list
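# Ask for the server list, confirm it, apply the change to each server, then
# print a summary and write a per-server CSV record of the outcome.
$domainControllers = Get-DomainControllerList

# $null means the dialog was cancelled (or OK was pressed with no usable lines)
if ($null -eq $domainControllers) {
    Write-Host "Operation canceled by user." -ForegroundColor Yellow
    return
}

# Force an array so a single pasted name is handled like a list of one
$domainControllers = @($domainControllers)
if ($domainControllers.Count -eq 0) {
    Write-Host "No domain controllers provided. Exiting script." -ForegroundColor Yellow
    return
}

# Show exactly which servers will be changed before anything is touched
Write-Host "`nThe following domain controllers will be processed:" -ForegroundColor Cyan
$domainControllers | ForEach-Object { Write-Host " - $_" -ForegroundColor White }
$confirmation = Read-Host "`nDo you want to continue? (Y/N)"
if ($confirmation -ne "Y" -and $confirmation -ne "y") {
    Write-Host "Operation canceled by user." -ForegroundColor Yellow
    return
}

Write-Host "`nStarting DNS debug logging disable process on all domain controllers..." -ForegroundColor Cyan
Write-Host "Regular DNS logging will be maintained." -ForegroundColor Cyan
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan

# Success / Failed are counters; DCs collects one record per server for the CSV.
$results = @{
    Success = 0
    Failed = 0
    DCs = @()
}

foreach ($dc in $domainControllers) {
    $success = Disable-DnsDebugLogging -ServerName $dc
    if ($success) {
        $results.Success++
        $status = "Success"
    }
    else {
        $results.Failed++
        $status = "Failed"
    }

    # A PSCustomObject rather than a hashtable: Select-Object reads properties, and
    # hashtable keys are not properties, so the Status column was exported empty.
    $results.DCs += [pscustomobject]@{Name = $dc; Status = $status}
}

# Summary
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan
Write-Host "Summary:" -ForegroundColor Cyan
Write-Host "Total Domain Controllers: $($domainControllers.Count)" -ForegroundColor White
Write-Host "Successfully disabled debug logging: $($results.Success)" -ForegroundColor Green
Write-Host "Failed to disable debug logging: $($results.Failed)" -ForegroundColor $(if ($results.Failed -gt 0) { "Red" } else { "Green" })
Write-Host "--------------------------------------------------------------" -ForegroundColor Cyan

# Export results to CSV; the file is the only record this script keeps of which
# servers had their logging settings changed.
$exportPath = "$env:USERPROFILE\Desktop\DNSDebugLoggingDisableResults.csv"
$results.DCs | Select-Object @{Name="DomainController";Expression={$_.Name}}, Status | Export-Csv -Path $exportPath -NoTypeInformation
Write-Host "Results exported to: $exportPath" -ForegroundColor Cyan

# Offer to open the CSV in its associated application
$viewResults = Read-Host "`nDo you want to open the results file? (Y/N)"
if ($viewResults -eq "Y" -or $viewResults -eq "y") {
    Invoke-Item $exportPath
}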