Log all DNS activity on your Windows PCs with DNSLookupView

Martin Brinkmann
Aug 12, 2021
Updated • Aug 12, 2021
Software, Windows software, Windows tips
|
8

DNSLookupView is a new portable application by Nirsoft, which logs all DNS activity on Windows devices. DNS is a cornerstone of the Internet, as it translates domain names such as ghacks.net into IP addresses. Communication on the Internet needs DNS, and DNS may reveal a lot about a user's activity on the Internet.

While DNS does not reveal the actual pages a user visits, it does reveal the domain names that are accessed on a device. Recently, several initiatives have been started to make DNS more secure by encrypting the communication. DNS over HTTPS is probably the most popular option right now, as it is implemented in several web browsers (see Firefox and Chrome) and Microsoft's Windows 10 operating system. Alternatives, such as DNS Crypt exist as well.

DNS communication happens in plain text by default, and that leaves the door wide open for network snooping and other forms of spying on user communcations.

DNSLookupView

DNSLookupView is a portable program for Microsoft Windows devices. It is compatible with Windows 8.1 and up, and can be downloaded free of charge from the Nirsoft website. Just extract the archive it is supplied as after the download finishes and run the program to use it.

Nir Sofer describes how the program works on the official webpage.

This tool uses the event tracing of Windows operating system with the 'Microsoft-Windows-DNS-Client' provider ( 1C95126E-7EEA-49A9-A3FE-A378B03DDB4D ). The captured event ID is 3008, which contains the information about every DNS query handled by the DNS Client service of Windows.

Activate the play button in the program's toolbar to start the recording. DNS queries are added to the program interface as they happen from that moment on. For each query, information such as the host name, query type and result, process or process folder is listed.

Sort the data with a click on a table header, e.g. by process name or host. Select the stop button to stop the logging.

Nirsoft applications come with export functionality; select the HTML report options under the View menu, or use File > Save Selected Items to save a selection (or all) to various formats including txt or csv.

You may also run the program from the command line to capture and save logs without user interface.

Positive

  • DNSLookupView is a free portable program that requires no installation
  • The program logs all DNS queries that happen on the system.

Negative

  • No filter to display only errors / certain types of queries.

Closing Words

DNSLookupView is a straightforward application, just like many other Nirsoft programs. It is useful if you want to monitor DNS traffic, e.g. to spot programs that communicate with the Internet without your consent, for troubleshooting purposes, or just for getting an overview of the communication.

Now You: which DNS provider do you use?

Summary
Author Rating
4 based on 9 votes
Software Name
DNSLookupView
Operating System
Windows
Software Category
Networking
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Tom Hawack said on August 12, 2021 at 4:54 pm
    Reply

    DNSCrypt-proxy here delivering its query log among several others.

    I’ll try DNSLookupView as soon as it gets integrated in the developer’s Nirlauncher application (next update presumably).

  2. KNTRO said on August 12, 2021 at 12:44 pm
    Reply

    The “Landing Page” link of the Summary is wrong.

  3. Anonymous said on August 12, 2021 at 11:50 am
    Reply

    The landing page link is not working. Try https://www.nirsoft.net/utils/dns_lookup_view.html

  4. Paul(us) said on August 12, 2021 at 11:25 am
    Reply

    Hallo Martin,
    Your Landing page link http://DNSLookupView/ is not responding.
    Maybe because it should be ? https://www.nirsoft.net/utils/dns_lookup_view.html

    I also have a question I am correct to assume that DNS over https will be included in Windows 10 21H2 or maybe even later in Windows 11?

    A second not related question is the WinPass11 1.0.0.0 Stable program.
    (https://github.com/ArkaneDev/WinPass11) which is a free program, that will no longer be receiving further updates, a portable app that allows you to install Windows 11 even when you don’t meet the requirements.
    Do you know or this will work?

  5. Al CiD said on August 12, 2021 at 11:24 am
    Reply

    Moin,

    der Link “Landing Page” ist gar keiner ;-)

    Hier der richtige: https://www.nirsoft.net/utils/dns_lookup_view.html
    .

    1. Martin Brinkmann said on August 12, 2021 at 11:54 am
      Reply

      Thank you (all) for reporting. I fixed it. Sorry!

  6. Shadowed said on August 12, 2021 at 8:39 am
    Reply

    “The program logs all DNS queries that happen on the system”
    Not necessarily. Programs usually do DNS lookup trough OS and that would be logged but they can also have built-in DNS client and communicate with DNS server directly.

    1. Steve said on August 15, 2021 at 2:18 pm
      Reply

      Key phrase is “… View the details of every DNS query sent through the DNS Client service of Windows”: *DNS Client Service*. I tested this utility using dnscrypt as an example, it does not display any DNS activity as I’m sure DoH will not either. But for stock users, this tool will prove invaluable in providing knowledge of what their machines are doing behind their backs and show what corporations are doing with their machines – where any socket opened without a user’s consent should be considered spyware.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.