Improve DNS logging options
Allow us to put a filter in to log for specific lookups. We should be able to specify a list of names, a list of domains. We will at times have a misbehaving client or piece of malware, or we have an old domain or host and we'd like to know what's still using it. Being able to create a targeted log for these types of situations would often come in handy. As it is, we end up needing to run a network capture on all our domain controllers. The ability to use a PowerShell or dnscmd command to add a log filter to all the DCs would be very powerful.
"DNS analytical packet logging" is an improvement; however, the .etl cannot be viewed until logging is stopped. Optimally this logging would occur just like IIS or traditional Windows events where the log can be queried in near real-time.
Thanks for the feedback.
We have invested a lot in the DNS analytical packet logging in 2012R2.
We will be working in the direction to make the logs more suitable to different customer scenarios.
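The name-and-domain filter requested in this thread can be approximated by post-filtering query records once they have been exported. The following is an added example, not part of the original thread or of any Microsoft tooling; the function name `Select-DnsQuery` and the `QNAME`/`Source` record properties are assumptions, and the sample records are constructed.

```powershell
# Added example: hypothetical helper, not a built-in DNS Server cmdlet.
function Select-DnsQuery {
    [CmdletBinding()]
    param(
        # Query records; each is assumed to expose QNAME and Source properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record,
        # Exact host names to report on.
        [string[]]$Name = @(),
        # Domains to report on, including every name beneath them.
        [string[]]$Domain = @()
    )
    begin {
        # Normalize the filter lists once: lower case, no trailing root dot.
        $wantedNames   = @($Name   | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
        $wantedDomains = @($Domain | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
    }
    process {
        # Normalize the queried name the same way before comparing.
        $q = ([string]$Record.QNAME).TrimEnd('.').ToLowerInvariant()
        $hit = $wantedNames -contains $q
        foreach ($d in $wantedDomains) {
            # Match only on a label boundary, so "notlegacy.example"
            # is not reported as part of "legacy.example".
            if ($q -eq $d -or $q.EndsWith(".$d", [System.StringComparison]::Ordinal)) {
                $hit = $true
                break
            }
        }
        if ($hit) { $Record }
    }
}

# Constructed sample records (documentation addresses, example domains).
$sample = @(
    [pscustomobject]@{ Source = '192.0.2.10'; QNAME = 'oldhost.corp.example.' }
    [pscustomobject]@{ Source = '192.0.2.11'; QNAME = 'www.corp.example.' }
    [pscustomobject]@{ Source = '192.0.2.12'; QNAME = 'App1.Legacy.Example.' }
    [pscustomobject]@{ Source = '192.0.2.12'; QNAME = 'legacy.example.' }
    [pscustomobject]@{ Source = '192.0.2.13'; QNAME = 'notlegacy.example.' }
)

# Which clients still use the old host or anything under the old domain?
$sample |
    Select-DnsQuery -Name 'oldhost.corp.example' -Domain 'legacy.example' |
    Group-Object Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```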