How to identify which systems are using a specific DNS IP
We have a DNS server on win server 2008 and want to discontinue it but this is a very old server that's why too many servers are still using this server. Please suggest the way/script to identify which domain-joined systems/network cards still using that DNS IP.
I've tried many websites and scripts but nothing worked for me. Need your expert opinion,
First option is to look at the logs, if any. You might be able to increase the log level to get the required information.
Second is to install Wireshark on it and set a filter for all the packets that come to port 53 (most will be UDP, but some might be TCP). That will give you a good overview.
If installing additional software on the server is not an option, and if your switching infra supports it, you can use a SPAN/copy/monitoring port and use a system with Wireshark on that port to do exactly the same.
Again, depending on your network, you might use netflow on the routers. This is a more elaborate solution.
And you could also prepare a new DNS server, copy the information to it, and just replace the old one using the same IP address. If you want to continue providing the DNS service, that is perhaps the easiest solution.