
(Guide/Review) Log all DNS activity on your Windows PCs with DNSLookupView


Karlston


DNSLookupView is a new portable application by Nirsoft, which logs all DNS activity on Windows devices. DNS is a cornerstone of the Internet, as it translates domain names such as ghacks.net into IP addresses. Communication on the Internet needs DNS, and DNS may reveal a lot about a user's activity on the Internet.

 

While DNS does not reveal the actual pages a user visits, it does reveal the domain names that are accessed on a device. Recently, several initiatives have been started to make DNS more secure by encrypting the communication. DNS over HTTPS is probably the most popular option right now, as it is implemented in several web browsers (see Firefox and Chrome) and Microsoft's Windows 10 operating system. Alternatives, such as DNSCrypt, exist as well.

 

DNS communication happens in plain text by default, and that leaves the door wide open for network snooping and other forms of spying on user communications.

DNSLookupView


 

DNSLookupView is a portable program for Microsoft Windows devices. It is compatible with Windows 8.1 and up, and can be downloaded free of charge from the Nirsoft website. After the download finishes, extract the archive and run the program to use it.

 

Nir Sofer describes how the program works on the official webpage.

This tool uses the event tracing of Windows operating system with the 'Microsoft-Windows-DNS-Client' provider ( 1C95126E-7EEA-49A9-A3FE-A378B03DDB4D ). The captured event ID is 3008, which contains the information about every DNS query handled by the DNS Client service of Windows.

 

Activate the play button in the program's toolbar to start the recording. DNS queries are added to the program interface as they happen from that moment on. For each query, information such as the host name, query type and result, process or process folder is listed.

 

Sort the data with a click on a table header, e.g. by process name or host. Select the stop button to stop the logging.

 


 

Nirsoft applications come with export functionality; select the HTML report options under the View menu, or use File > Save Selected Items to save a selection (or all) to various formats including txt or csv.

 

You may also run the program from the command line to capture and save logs without a user interface.

 

Positive

 

  • DNSLookupView is a free portable program that requires no installation
  • The program logs all DNS queries that happen on the system.

 

Negative

 

  • No filter to display only errors / certain types of queries.

Closing Words

DNSLookupView is a straightforward application, just like many other Nirsoft programs. It is useful if you want to monitor DNS traffic, e.g. to spot programs that communicate with the Internet without your consent, for troubleshooting purposes, or just for getting an overview of the communication.

 

Landing Page: https://www.nirsoft.net/utils/dns_lookup_view.html

 

 

Log all DNS activity on your Windows PCs with DNSLookupView
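An added example, not part of the original post and not Nirsoft's code: since the program has no filter for errors or query types, a saved CSV export can be filtered afterwards and grouped by process. The column names, the "Succeeded" status value and the sample rows are assumptions constructed for illustration; match them to the header of your own export.

```python
import csv
import io
from collections import defaultdict

# Assumed column names and success marker; check them against the header
# and values of your own export and adjust.
COL_HOST, COL_TYPE, COL_STATUS, COL_PROC = (
    "Host Name", "Query Type", "Query Status", "Process Name")
OK_STATUS = "succeeded"

# Constructed sample rows standing in for a saved CSV export.
SAMPLE_CSV = """\
Host Name,Query Type,Query Status,Query Result,Process Name
ghacks.net,A,Succeeded,192.0.2.10,firefox.exe
ghacks.net,AAAA,Succeeded,2001:db8::10,firefox.exe
updates.example.com,A,Succeeded,192.0.2.20,updater.exe
telemetry.example.net,A,Error,,updater.exe
telemetry.example.net,A,Error,,updater.exe
_ldap._tcp.corp.example,SRV,Error,,svchost.exe
"""

def load_rows(text):
    """Parse exported CSV text into a list of dicts, trimming whitespace."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]

def filter_queries(rows, only_errors=False, query_types=None):
    """Keep rows matching the wanted query types and, optionally, only failures."""
    wanted = {t.upper() for t in query_types} if query_types else None
    kept = []
    for row in rows:
        if wanted and row[COL_TYPE].upper() not in wanted:
            continue
        if only_errors and row[COL_STATUS].lower() == OK_STATUS:
            continue
        kept.append(row)
    return kept

def hosts_by_process(rows):
    """Map each process name to the sorted set of host names it queried."""
    seen = defaultdict(set)
    for row in rows:
        seen[row[COL_PROC] or "(unknown)"].add(row[COL_HOST].lower())
    return {proc: sorted(hosts) for proc, hosts in seen.items()}

if __name__ == "__main__":
    failed = filter_queries(load_rows(SAMPLE_CSV), only_errors=True)
    for proc, hosts in hosts_by_process(failed).items():
        print(proc, hosts)
```

Repeated failed lookups from a single process, as with the constructed updater.exe rows, are the kind of pattern worth a closer look when reviewing an export.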
