What does ipconfig /displaydns record?

  • Question

  • I would like to know on what ipconfig /displaydns is recorded.

    Does anyone have any suggestions?
    Thanks in advance for any suggestions


    Monday, February 17, 2020 4:09 PM

Answers

  • The fields in the output of /displaydns correspond to the fields of an actual DNS reply.

    In a DNS server's database, each piece of data is a "resource record".

    "Record name" is the name you query DNS for, and the records (addresses or something else) belong to that name.

    "Record type" is the type, displayed as a number - although more commonly they are referred to by their names, internally (in the DNS protocol) each has a number. Type 1 is "A" for "address", an IPv4 address. (IPv6 uses type 28, "AAAA", for an address four times as long.) "PTR", type 12, is a "pointer" to a hostname - most used when mapping an IP address back to its name. "CNAME" is "canonical name".

    "Time To Live" is the time in seconds after which the cache entry must expire.

    "Data Length" appears to be the length in bytes - an IPv4 address is four bytes, IPv6 is sixteen bytes. For CNAME or PTR, Windows displays a static number (either 4 or 8, depending on your system) - this is actually the size of a memory address where the actual text is kept.

    The "answer" section of a DNS reply is the actual answer to the query, and "additional" contains information that will likely be needed to find the actual answer. For example, glue records.

    "<type> record" shows the actual value stored.

    • Marked as answer by oemMicrosoft Wednesday, February 19, 2020 1:15 AM
    Monday, February 17, 2020 6:09 PM
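
The fields described in the answer above, parsed from captured `ipconfig /displaydns` text; this is an added example, not part of the original thread. The function names, the constructed sample output and the CNAME type number 5 are assumptions of the example.

```python
import re
# Type numbers from the answer; CNAME = 5 is its assigned DNS value (not stated on the page).
TYPE_NAMES = {1: "A", 5: "CNAME", 12: "PTR", 28: "AAAA"}
INT_FIELDS = {"Time To Live": "ttl", "Data Length": "data_length"}
# "Key . . . : value" lines; the key holds no '.' or ':' so IPv6 data stays intact.
FIELD = re.compile(r"^\s*(?P<key>[^.:]+?)[\s.]*:\s(?P<value>.*)$")

# Constructed sample in the layout ipconfig /displaydns prints (made-up names and addresses).
SAMPLE = """
    www.example.test
    ----------------------------------------
    Record Name . . . . . : www.example.test
    Record Type . . . . . : 5
    Time To Live  . . . . : 120
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : host.example.test
    Record Name . . . . . : host.example.test
    Record Type . . . . . : 28
    Time To Live  . . . . : 95
    Data Length . . . . . : 16
    Section . . . . . . . : Answer
    AAAA Record . . . . . : 2001:db8::10
"""

def parse_displaydns(text):
    """Turn captured `ipconfig /displaydns` text into one dict per cached record."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # name headers, dashed separators, blank lines
        key, value = m["key"].strip(), m["value"].strip()
        if key == "Record Name":
            records.append({"name": value})
        elif not records:
            continue  # field seen before any record started
        elif key == "Record Type":
            records[-1]["type"] = TYPE_NAMES.get(int(value), "TYPE" + value)
        elif key in INT_FIELDS:
            records[-1][INT_FIELDS[key]] = int(value)
        elif key == "Section":
            records[-1]["section"] = value
        elif key.endswith("Record"):  # "A (Host) Record", "CNAME Record", ...
            records[-1]["data"] = value
    return records

def length_is_address_size(rec):
    """Only A (4) and AAAA (16) lengths describe the data; CNAME/PTR show pointer size."""
    return {"A": 4, "AAAA": 16}.get(rec.get("type")) == rec.get("data_length")
```

Because the cache is a point-in-time snapshot, records parsed this way only cover names whose Time To Live had not yet expired when the output was captured.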

All replies

  • You can refer to this thread which seems to answer your question: https://superuser.com/questions/230308/explain-output-of-ipconfig-displaydns

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK


    Monday, February 17, 2020 9:34 PM
  • If any program accesses the internet, would DNS always keep a record under the DNS log?

    Do you have any suggestions?
    Thanks, to everyone very much for any suggestions (^v^)



    Tuesday, February 18, 2020 7:26 AM
  • It is not a log - it is just the current contents of the DNS cache.


    \_(ツ)_/

    Tuesday, February 18, 2020 8:10 AM
  • The following command will get you the same information as a collection of DNS record objects which can easily be exported or saved in a database.

    Get-DnsClientCache

    help Get-DnsClientCache -full


    \_(ツ)_/

    Tuesday, February 18, 2020 8:13 AM
  • It is not a log - it is just the current contents of the DNS cache.


    \_(ツ)_/

    DNS cache refers to the temporary storage of information about previous DNS lookups on a machine’s OS or web browser.

    Does the DNS cache always collect whatever program accesses the internet from the PC, including virus or malware?

    Do you have any suggestions?
    Thanks, to everyone very much for any suggestions (^v^)



    Tuesday, February 18, 2020 9:41 PM
  • Most malware uses IP addresses and not DNS. DNS lookups from anything that uses DNS are temporarily in the cache. They are removed after a time.

    You can set the event log to retain all lookups but that can be a load on a system if there are many different lookups.


    \_(ツ)_/

    Tuesday, February 18, 2020 9:52 PM
  • If malware uses an IP address to connect to the Internet, what cmd should be used to view the records, just like the DNS cache, for that connection history?

    Do you have any suggestions?
    Thanks, to everyone very much for any suggestions (^v^)



    Tuesday, February 18, 2020 10:11 PM
  • There are no records for direct IP access.

    None of your questions have anything to do with scripting. I recommend that you study Windows networking until you understand how this works and how Windows manages the network.

    Your original question has been answered in multiple ways. Your new questions should be asked in the Windows Server networking forum.

    You can also purchase software that will do what you ask or you can capture your router logs to track all accesses. If this is an issue of security then you really should contact a security consultant to help you get set up correctly. Scripting is not a good choice for security compliance and management if you are not trained in networking, Windows and network/computer security. Don't take chances.


    \_(ツ)_/

    Tuesday, February 18, 2020 10:28 PM
  • Thanks, to everyone very much for suggestions (^v^)


    Wednesday, February 19, 2020 1:15 AM