Windows 10: Sysmon DNS Query Support

I have been trying to generate Sysmon Event ID 22 DNS Query logs using the below xml format <Sysmon schemaversion="4.90"> <EventFiltering> <DnsQuery onmatch="exclude" /> </EventFiltering> </Sysmon>But I am only able to see logs with QueryResults: type: 5 and not any other number in place of 5. Example values like type: 1, type: 2, type: 3 etc.. How do I generate logs with different numbers for type field in QueryResults? Can you let me know the xml format that can be used

:)

 

DNS problems with router

A couple suggestions I have for you:

Update the firmware on the router. Maybe it's getting into a badstate, and a firmware update might fix it. Or if you're comfortable with it, install a custom firmware like dd-wrt. Just make sure its supported on your router first.

Change your DNS to: 8.8.8.8, 4.2.2.1. Might help.

If none of these work, maybe statically set your DNS on your PS3/PC to the IPs you listed, taking the router out of the lookup procedure.

Last option, is look for a new router.

 

Browser DNS querries-?

Hello @Chris77 I may be wrong but a slight hint of mildly objectionable old tracker/spyware may be suggested in the description you have provided so far. Many Internet users would prefer their devices refrained from "calling home" even years after the fact...

1. Please share the browser's name and its full/current version number of the one in question. Chrome or a derivative?
2. Also, when that browser in question makes that DNS server query, is it the same DNS IP address value as in that computer's Windows' Network Connections setting?
3. If you were to change that computer's Windows' DNS server IP setting, would the unknown browser in question DNS query follow?
4. Regardless of that computer's Windows DNS server choice, will a possible gateway's/router's override setting take presedense over that of any device request on its LAN side?
5. Concerning the gateway/router in use - is it ISP provided and you are disallowed from re-configuring?

It would be most helpful, and appreciated, if you answered by number. Thank you.

 

faster dns?

Just my opinion, I think you're barking up the wrong tree.
newtekie1 is correct in the assessment made.

And, also, once your system retrieves the resolved name, it stores it in your DNS cache and uses it.
So, basically, unless you or your system flushes the cache or the info changes, your system does not have to retrieve the resolved name from the remote DNS server.

What is the DNS cache?

If you wish to make a local dns server at home you can use windows server, linux, and other OSes.
Here is some info for RedHat, however, I doubt it will help your online gaming.

And, you may wish to do some reading up on the subject.
Here is a start... DNS Name Server Concepts and Operation. Set aside some time, as, it is a lot of reading.

You may just wanna do a little more testing (Gibson Research Corporation's Domain Name Speed Benchmark).
Pick the fastest and live with it.
You can use this to switch between DNS servers for testing or just picking the ones you like: Dns Jumper v1.0.4 by Sordum.net

You might want to look to other avenues to improve your on-line gaming experience.
EX: change your isp to one of better quality service, increase your speed, tweak your network settings, move, etc.

Good luck on saving that millisecond here and there.*Smile