Published on Technical articles on: Windows servers, Apache Web Server, MySQL, PHP, IIS (http://www.sitebuddy.com)

Windows DNS Server: logs location + detecting "lame" domains

By chris
Created 26 Jan 2006 - 4:34pm
Changing the logs location:
The default location for DNS logs is: %systemroot%\system32\dns\dns.log

To change that location, modify or create the registry key:
HKLM\System\CurrentControlSet\Services\DNS\Parameters\LogFilePath.

It appears you need to restart the DNS service to have the change take effect.
Note/Bug: The DNS "Logging" tab will still say "%systemroot%\system32\dns\dns.log".

Detecting domains that resolve to your server but that your server does not have an entry for anymore:
In the DNS "Logging" tab select the options (you might be able to trim this list down):
Query
Answers
Receive
UDP
TCP

Now let your server run for a little while (how long depends on your DNS traffic). Stop the server, rename the current log and restart the DNS server.
This last step makes sure the DNS Server "dumps" the log entries still in memory.
Find a line looking like:
Rcv 66.235.180.160 e12e R Q [0280 SERVFAIL] (11)sitebuddy(3)com(0)

This means someone asked my DNS server for the domain sitebuddy.com but my DNS server is not set up to answer (and does not do recursion).
This domain is wasting DNS traffic; you might want to consider defining a DNS entry to have it go to another site.
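
Rather than searching the renamed log by eye, the SERVFAIL lines can be tallied per domain. The script below is an added example, not part of the original article: it assumes packet lines laid out like the one quoted above, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Constructed sample. The first line is the one quoted in the article; the
# other addresses and names are made up for illustration.
SAMPLE_LOG = """\
Rcv 66.235.180.160 e12e R Q [0280 SERVFAIL] (11)sitebuddy(3)com(0)
Rcv 192.0.2.10 1a2b R Q [0280 SERVFAIL] (7)example(3)org(0)
Snd 192.0.2.10 1a2c R Q [8085 A DR NOERROR] (3)www(7)example(3)net(0)
Rcv 198.51.100.7 77f0 R Q [0280 SERVFAIL] (9)SiteBuddy(3)com(0)
this line is not a packet entry
"""

# Assumed layout, taken from the article's line: direction, client IP,
# transaction id, flag letters, [hex flags ... RCODE], then the queried name.
# Anything before the direction field (timestamps etc.) is ignored.
PACKET_RE = re.compile(
    r"\b(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+(?P<xid>[0-9a-fA-F]{4})\s+"
    r".*?\[(?P<flags>[0-9a-fA-F]{4})\s+(?P<detail>[^\]]*)\]\s+"
    r"(?:\S+\s+)?(?P<name>(?:\(\d+\)[^()\s]*)+)"
)


def decode_name(raw):
    """Turn '(11)sitebuddy(3)com(0)' into 'sitebuddy.com'."""
    # The numeric prefixes are discarded; only the label text is kept.
    labels = re.findall(r"\(\d+\)([^()\s]*)", raw)
    return ".".join(label for label in labels if label).lower()


def servfail_domains(lines):
    """Map each name answered with SERVFAIL to its hit count and clients."""
    report = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in lines:
        m = PACKET_RE.search(line)
        if not m:
            continue  # not a packet entry
        tokens = m.group("detail").split()
        if not tokens or tokens[-1] != "SERVFAIL":
            continue  # the response code is the last token inside [...]
        entry = report[decode_name(m.group("name"))]
        entry["count"] += 1
        entry["clients"].add(m.group("ip"))
    return dict(report)


if __name__ == "__main__":
    found = servfail_domains(SAMPLE_LOG.splitlines())
    for name, info in sorted(found.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{info['count']:5d}  {name}  ({len(info['clients'])} client(s))")
```

To run it against a real log, pass the lines of the renamed file to servfail_domains() in place of the sample; names with the highest counts are the ones generating the most wasted traffic.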
 


Source URL:
http://www.sitebuddy.com/Windows/DNS/Logging