dns queries.

  • Question

  • I am trying to set up so my dns query logs go to another server.  The files are created ok but it doesn't seem to be working.  In the logs I am seeing the following.

    The DNS server was unable to open file \\server\d$\dnslogs\server.txt for write. Most likely the file is a zone file that is already open. Close the zone file and re-initiate zone write.

    What security rights do I need on that folder?

    Thursday, November 5, 2009 5:54 PM

Answers

All replies

  • The problem is likely to be because the DNS Service runs (by default) under the Local System account.  You could try changing this to Network Service, but I have no idea what side effects changing the default could have.  You would want to test this thoroughly in your lab environment before going ahead in production.

    Tony

    Thursday, November 5, 2009 7:21 PM
  • ...and in fact it looks like it is not supported to change the default:

    http://support.microsoft.com/default.aspx/kb/255281

    One workaround might be to write a script that copies the dns query logs off to another server at intervals.

    Tony
    Thursday, November 5, 2009 7:24 PM
  • Or create null session shares (http://support.microsoft.com/kb/289655) - just keep in mind security implications...

    hth
    Marcin

    Thursday, November 5, 2009 7:42 PM
  • You need to create a share and allow Everyone or just the computer account access via Change and Read/Write.  You can't use the hidden share C$, D$ etc, because those are restricted to administrative users only.

    Everyone includes computer accounts that attempt remote access via the Local System account.

    Here is another example of this issue.
    Redirection of output to Network Share fails
    http://networkadminkb.com/kb/Knowledge%20Base/Windows2003/Redirection%20of%20output%20to%20Network%20Share%20fails%20in%20Computer%20Startup%20Script.aspx

    Friday, November 6, 2009 2:48 AM
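
Added example, not part of the original replies: one way to set up the dedicated share described above while granting Change to the DNS server's computer account only, rather than to Everyone, and then reviewing the resulting permissions. It assumes a domain-joined target running Windows Server 2012 or later (for the SMB cmdlets); `CONTOSO\DNS01$`, `D:\dnslogs` and the share name `dnslogs` are hypothetical placeholders.

```powershell
# Run elevated on the server that will RECEIVE the logs.
# Assumption: Windows Server 2012+ (SMB cmdlets). All names are hypothetical.
$DnsServerAccount = 'CONTOSO\DNS01$'   # computer account of the DNS server (trailing $)
$Folder           = 'D:\dnslogs'
$ShareName        = 'dnslogs'

if (-not (Test-Path -LiteralPath $Folder)) {
    New-Item -ItemType Directory -Path $Folder | Out-Null
}

# Share permission: Change for the DNS server's computer account only.
# A service running as Local System authenticates to remote servers as
# the machine account, so this is the identity the share has to admit.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Folder -ChangeAccess $DnsServerAccount | Out-Null
} else {
    Grant-SmbShareAccess -Name $ShareName -AccountName $DnsServerAccount `
        -AccessRight Change -Force | Out-Null
}

# NTFS permission: Modify, inherited by files and subfolders.
# Share and NTFS permissions are both evaluated; each must allow the write.
icacls $Folder /grant "${DnsServerAccount}:(OI)(CI)M" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Review: list share ACL entries and flag broad principals for a second look.
$broad = 'Everyone', 'NT AUTHORITY\ANONYMOUS LOGON'
Get-SmbShareAccess -Name $ShareName | ForEach-Object {
    $flag = if ($broad -contains $_.AccountName) { 'REVIEW' } else { 'ok' }
    '{0,-7} {1,-32} {2,-6} {3}' -f $flag, $_.AccountName, $_.AccessControlType, $_.AccessRight
}

# Review: NTFS ACL on the folder, including inherited entries.
(Get-Acl -LiteralPath $Folder).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```
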
  • Hi,

    How’s everything going? I’m wondering if the suggestions helped solve the issue. If the issue persists, please temporarily disable the antivirus on the target server and check the result.

    I look forward to your response.

    Joson Zhou

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, November 11, 2009 6:31 AM
    Moderator