Microsoft-Windows-DNS-Client

107 events across 2 channels

Event ID	Title	Channel
1000	There are currently no IPv4 DNS servers configured for any interface on this …	Operational
1001	Interface: Interface Total DNS Server Count: TotalServerCount Index: Index …	Operational
1002	The DNS server being queried for interface Interface has changed to Address.	Operational
1003	The following DNS server(s) were successfully validated as active servers that …	Operational
1004	The following DNS server(s) were successfully validated as active servers that …	System
1005	The client was unable to validate the following as active DNS server(s) that can …	Operational
1006	The client was unable to validate the following as active DNS server(s) that can …	System
1007	The primary DNS suffix for this machine is missing.	Operational
1008	The primary DNS suffix for this machine is missing.	System
1009	The primary DNS suffix for this machine (DnsSuffix) does not match the Active …	Operational
1010	The primary DNS suffix for this machine (DnsSuffix) does not match the Active …	System
1011	There was an error while attempting to read the local hosts file.	Operational
1012	There was an error while attempting to read the local hosts file.	System
1013	Name resolution for the name QueryName timed out after none of the configured …	Operational
1014	Name resolution for the name QueryName timed out after none of the configured …	System
1015	Name resolution for the name QueryName timed out after the DNS server Address …	Operational
1016	A name not found error was returned for the name QueryName.	Operational
1017	The DNS server's response to a query for name QueryName indicates that no …	Operational
1018	The response for the query QueryName was a Link Local IP address Address.	Operational
1019	There are currently no IPv6 DNS servers configured for any interface on this …	Operational
1020	Read DNS Name Resolution Policy Table: Key Name KeyName: DNSSEC Settings: …	Operational
1021	Matched Effective policy for query name QueryName: Key Name KeyName: …	Operational
1022	Name resolution for the name, QueryName, will not fall back to LLMNR or NetBIOS.	Operational
1023	Name resolution policy table has been corrupted.	System
1024	Transaction ID of the response for query QueryName from server Address did not …	Operational
1025	The DNS server IP Address of the response for query QueryName is not configured …	Operational
1026	The question (ResponseQuestion) in the response from server Address does not …	Operational
1027	DNS Name resolution for the name, QueryName, failed because the client was …	Operational
1028	Matched effective policy for query name QueryName: Key Name KeyName: …	Operational
3000	DNS Query is initiated for the name QueryName and for the type QueryType with …	Operational
3001	DNS Query operation is completed with result Status.	Operational
3002	DNS Cache lookup is initiated for the name QueryName and for the type QueryType …	Operational
3003	DNS Cache lookup operation for the name QueryName and for the type QueryType is …	Operational
3004	DNS FQDN Query is initiated for the name QueryName and for the type QueryType …	Operational
3005	DNS FQDN Query operation for the name QueryName and for the type QueryType is …	Operational
3006	DNS query is called for the name QueryName, type QueryType, query options …	Operational
3007	DnsQueryEx for the name QueryName is pending.	Operational
3008	DNS query is completed for the name QueryName, type QueryType, query options …	Operational
3009	Network query initiated for the name QueryName (is parallel query …	Operational
3010	DNS Query sent to DNS Server DnsServerIpAddress for name QueryName and type …	Operational
3011	Received response from DNS Server DnsServerIpAddress for name QueryName and type …	Operational
3012	NETBIOS query is initiated for name QueryName on network index NetworkIndex with …	Operational
3013	NETBIOS query is completed for name QueryName with status Status and results …	Operational
3014	NETBIOS query for the name QueryName is pending.	Operational
3015	DnsQueryEx is canceled for the name QueryName.	Operational
3016	Cache lookup called for name QueryName, type QueryType, options QueryOptions and …	Operational
3018	Cache lookup for name QueryName, type QueryType and option QueryOptions returned …	Operational
3019	Query wire called for name QueryName, type QueryType, interface index …	Operational
3020	Query response for name QueryName, type QueryType, interface index NetworkIndex …	Operational
3023	Initiating resolver operation OperationName, name Name, flag Flag, client PID …	Operational
3024	Server ActualServer failed to validate DDR certificate for original address …	System
8001	Unable to start DNS Client service.	System
8002	Unable to start DNS Client service because the system failed to allocate memory …	System
8003	The system failed to register network adapter with settings.	System
8004	The system failed to register network adapter with settings.	System
8005	The system failed to register network adapter with settings.	System
8006	The system failed to register network adapter with settings.	System
8007	The system failed to register network adapter with settings.	System
8008	The system failed to register network adapter with settings.	System
8009	The system failed to register pointer (PTR) resource records (RRs) for network …	System
8010	The system failed to register pointer (PTR) resource records (RRs) for network …	System
8011	The system failed to register pointer (PTR) resource records (RRs) for network …	System
8012	The system failed to register pointer (PTR) resource records (RRs) for network …	System
8013	The system failed to register pointer (PTR) resource records (RRs) for network …	System
8014	The system failed to register pointer (PTR) resource records (RRs) for network …	System
8015	The system failed to register host (A or AAAA) resource records (RRs) for …	System
8016	The system failed to register host (A or AAAA) resource records (RRs) for …	System
8017	The system failed to register host (A or AAAA) resource records for network …	System
8018	The system failed to register host (A or AAAA) resource records (RRs) for …	System
8019	The system failed to register host (A or AAAA) resource records (RRs) for …	System
8020	The system failed to register host (A or AAAA) resource records (RRs) for …	System
8021	The system failed to update and remove registration for the network adapter with …	System
8022	The system failed to update and remove registration for the network adapter with …	System
8023	The system failed to update and remove registration for the network adapter with …	System
8024	The system failed to update and remove registration for the network adapter with …	System
8025	The system failed to update and remove registration for the network adapter with …	System
8026	The system failed to update and remove the DNS registration for the network …	System
8027	The system failed to update and remove pointer (PTR) resource records (RRs) for …	System
8028	The system failed to update and remove pointer (PTR) resource records (RRs) for …	System
8029	The system failed to update and remove pointer (PTR) resource records (RRs) for …	System
8030	The system failed to update and remove pointer (PTR) resource records (RRs) for …	System
8031	The system failed to update and remove pointer (PTR) resource records (RRs) for …	System
8032	The system failed to update and remove pointer (PTR) resource records (RRs) for …	System
8033	The system failed to update and remove host (A or AAAA) resource records (RRs) …	System
8034	The system failed to update and remove host (A or AAAA) resource records (RRs) …	System
8035	The system failed to update and remove host (A or AAAA) resource records (RRs) …	System
8036	The system failed to update and remove host (A or AAAA) resource records (RRs) …	System
8037	The system failed to update and remove host (A or AAAA) resource records (RRs) …	System
8038	The system failed to update and remove host (A or AAAA) resource records (RRs) …	System
8040	A DNS interception provider has been loaded.	System
8042	A DNS interception provider performed an illegal operation.	System
8043	DNS-over-HTTPS query initiated to server Server for the name NameQuery, on …	Operational
8044	DNS-over-TLS query initiated to server Server for the name NameQuery, on …	Operational
8045	DNS-over-HTTPS request to server Server with template TemplateName returned HTTP …	Operational
8046	DNS-over-HTTPS request to server Server with template TemplateName failed with …	Operational
8047	DNS-over-TLS request to server Server with hostname Hostname failed with error …	Operational
8048	DNS-over-HTTPS request failed to obtain valid SSL certificate from server …	System
8049	DNS-over-TLS request failed to obtain valid SSL certificate from server Server, …	System
8050	Windows DNS Client process mitigations: SystemCall: SystemCallDisable, …	Operational
60004	Error: Error Location: Location Context: Context.	Operational
60005	Warning: Warning Location: Location Context: Context.	Operational
60006	Transitioned to State: NextState Context: Context.	Operational
60007	Updated Context: Updated_Context Update Reason: Update_Reason.	Operational
60008	Name resolution policy table has been corrupted.	Operational
60101	SourceAddress: SourceAddress SourcePort: SourcePort DestinationAddress: …	Operational
60102	SourceAddress: SourceAddress SourcePort: SourcePort DestinationAddress: …	Operational
60103	Interface Guid: Interface_Guid IfIndex: IfIndex Interface Luid: Interface_Luid …	Operational

Event ID 1000 — There are currently no IPv4 DNS servers configured for any interface on this host.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsNoServerConfigV4

Description

There are currently no IPv4 DNS servers configured for any interface on this host. Please configure DNS server settings, or renew your dynamic IP settings.

Message #

There are currently no IPv4 DNS servers configured for any interface on this host. Please configure DNS server settings, or renew your dynamic IP settings.

Fields #

Name	Description
`Location` UInt32	—
`Context` UInt32	—

Event ID 1001 — Interface: Interface Total DNS Server Count: TotalServerCount Index: Index Address: Address (DynamicAddress).

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Task: DnsServerForInterface

Description

Interface: Interface Total DNS Server Count: TotalServerCount Index: Index Address: Address (DynamicAddress).

Message #

Interface: %1 Total DNS Server Count: %2 Index: %3 Address: %6 (%4)

Fields #

Name	Description
`Interface` UnicodeString	—
`TotalServerCount` UInt32	—
`Index` UInt32	—
`DynamicAddress` UInt8	—
`AddressLength` UInt32	—
`Address` Binary	—
`Total_DNS_Server_Count`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1001,
    "version": 0,
    "level": 4,
    "task": 1001,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:40.334238+00:00",
    "event_record_id": 1,
    "correlation": {},
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "Interface": "Ethernet",
    "TotalServerCount": 1,
    "Index": 1,
    "DynamicAddress": 0,
    "AddressLength": 16,
    "Address": "020000000A020A0B0000000000000000"
  },
  "message": ""
}

Event ID 1002 — The DNS server being queried for interface Interface has changed to Address.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsServerQueryChange

Description

The DNS server being queried for interface Interface has changed to Address.

Message #

The DNS server being queried for interface %1 has changed to %3

Fields #

Name	Description
`Interface` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—

Event ID 1003 — The following DNS server(s) were successfully validated as active servers that can service this client.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsServerValidationSuccess

Description

The following DNS server(s) were successfully validated as active servers that can service this client. Address.

Message #

The following DNS server(s) were successfully validated as active servers that can service this client. %2

Fields #

Name	Description
`AddressLength` UInt32	—
`Address` Binary	—

Event ID 1004 — The following DNS server(s) were successfully validated as active servers that can service this client.

Provider: Microsoft-Windows-DNS-Client
Channel: System

Description

The following DNS server(s) were successfully validated as active servers that can service this client. {Address}.

Message #

The following DNS server(s) were successfully validated as active servers that can service this client. {Address}

Fields #

Name	Description
`Address`	—

Event ID 1005 — The client was unable to validate the following as active DNS server(s) that can service this client.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsServerValidationFailure

Description

The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. Address.

Message #

The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. %2

Fields #

Name	Description
`AddressLength` UInt32	—
`Address` Binary	—

Event ID 1006 — The client was unable to validate the following as active DNS server(s) that can service this client.

Provider: Microsoft-Windows-DNS-Client
Channel: System

Description

The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable; or may be incorrectly configured. {Address}.

Message #

The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable; or may be incorrectly configured. {Address}

Fields #

Name	Description
`Address`	—

Event ID 1007 — The primary DNS suffix for this machine is missing.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsMissingPrimarySuffix

Description

The primary DNS suffix for this machine is missing. In the absence of a primary DNS suffix, short unqualified names may not resolve through DNS.

Message #

The primary DNS suffix for this machine is missing. In the absence of a primary DNS suffix, short unqualified names may not resolve through DNS

Fields #

Name	Description
`ErrorCode` UInt32	—
`Location` UInt32	—
`Context` UInt32	—

Event ID 1008 — The primary DNS suffix for this machine is missing.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsMissingPrimarySuffixSystem

Description

The primary DNS suffix for this machine is missing. In the absence of a primary DNS suffix, short unqualified names may not resolve through DNS.

Message #

The primary DNS suffix for this machine is missing. In the absence of a primary DNS suffix, short unqualified names may not resolve through DNS

Fields #

Name	Description
`ErrorCode` UInt32	—
`Location` UInt32	—
`Context` UInt32	—

Event ID 1009 — The primary DNS suffix for this machine (DnsSuffix) does not match the Active Directory domain (AdSuffix) that it is currently joined to.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsNonMatchingSuffix

Description

The primary DNS suffix for this machine (DnsSuffix) does not match the Active Directory domain (AdSuffix) that it is currently joined to.

Message #

The primary DNS suffix for this machine (%1) does not match the Active Directory domain (%2) that it is currently joined to.

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`AdSuffix` UnicodeString	—

Event ID 1010 — The primary DNS suffix for this machine (DnsSuffix) does not match the Active Directory domain (AdSuffix) that it is currently joined to.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsNonMatchingSuffixSystem

Description

The primary DNS suffix for this machine (DnsSuffix) does not match the Active Directory domain (AdSuffix) that it is currently joined to.

Message #

The primary DNS suffix for this machine (%1) does not match the Active Directory domain (%2) that it is currently joined to.

Fields #

Name	Description
`DnsSuffix` UnicodeString	—
`AdSuffix` UnicodeString	—

Event ID 1011 — There was an error while attempting to read the local hosts file.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsHostFileError

Description

There was an error while attempting to read the local hosts file.

Message #

There was an error while attempting to read the local hosts file.

Fields #

Name	Description
`ErrorCode` UInt32	—
`Location` UInt32	—
`Context` UInt32	—

Event ID 1012 — There was an error while attempting to read the local hosts file.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsHostFileErrorSystem

Description

There was an error while attempting to read the local hosts file.

Message #

There was an error while attempting to read the local hosts file.

Fields #

Name	Description
`ErrorCode` UInt32	—
`Location` UInt32	—
`Context` UInt32	—

Event ID 1013 — Name resolution for the name QueryName timed out after none of the configured DNS servers responded.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Error
Task: DnsAllServersTimeout

Description

Name resolution for the name QueryName timed out after none of the configured DNS servers responded.

Message #

Name resolution for the name %1 timed out after none of the configured DNS servers responded.

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1013,
    "version": 0,
    "level": 2,
    "task": 1013,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T21:48:42.710774+00:00",
    "event_record_id": 11625,
    "correlation": {},
    "execution": {
      "process_id": 1860,
      "thread_id": 7980
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "dns.msftncsi.com",
    "AddressLength": 16,
    "Address": "020000350A020A0B0000000000000000"
  },
  "message": ""
}

Event ID 1014 — Name resolution for the name QueryName timed out after none of the configured DNS servers responded.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Level: Warning
Task: DnsAllServersTimeoutSystem

Description

Name resolution for the name QueryName timed out after none of the configured DNS servers responded.

Message #

Name resolution for the name %1 timed out after none of the configured DNS servers responded.

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1014,
    "version": 1,
    "level": 3,
    "task": 1014,
    "opcode": 0,
    "keywords": 4611686018695823360,
    "time_created": "2023-11-06T06:25:49.753506+00:00",
    "event_record_id": 1706,
    "correlation": {},
    "execution": {
      "process_id": 1916,
      "thread_id": 3540
    },
    "channel": "System",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "wpad",
    "AddressLength": 128,
    "Address": "02000000C0A85C02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
    "ClientPID": 2556
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 1015 — Name resolution for the name QueryName timed out after the DNS server Address did not respond.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Task: DnsServerTimeout

Description

Name resolution for the name QueryName timed out after the DNS server Address did not respond.

Message #

Name resolution for the name %1 timed out after the DNS server %3 did not respond.

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1015,
    "version": 1,
    "level": 4,
    "task": 1015,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.061199+00:00",
    "event_record_id": 11,
    "correlation": {
      "ActivityID": "98BC0724-3B37-4F5C-B2FF-8A9EF612845C"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "AddressLength": 16,
    "Address": "020000350A020A0B0000000000000000",
    "ClientPID": 3384
  },
  "message": ""
}

Event ID 1016 — A name not found error was returned for the name QueryName.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Task: DnsNameError

Description

A name not found error was returned for the name QueryName. Check to ensure that the name is correct. The response was sent by the server at Address.

Message #

A name not found error was returned for the name %1. Check to ensure that the name is correct. The response was sent by the server at %3.

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1016,
    "version": 2,
    "level": 4,
    "task": 1016,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:58.824946+00:00",
    "event_record_id": 24,
    "correlation": {
      "ActivityID": "EF3E8619-3C1A-466E-87D4-27258CCCF136"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "85.65.42.20.in-addr.arpa",
    "AddressLength": 16,
    "Address": "020000350A020A0B0000000000000000",
    "ClientPID": 3516,
    "SendBlob": "0x1b11ff2c150",
    "SendBlobContext": "0x7ffa2a356170"
  },
  "message": ""
}

Event ID 1017 — The DNS server's response to a query for name QueryName indicates that no records of the type queried are available, but could indicate that other records...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Task: DnsAuthoritativeResponse

Description

The DNS server's response to a query for name QueryName indicates that no records of the type queried are available, but could indicate that other records for the same name are present.

Message #

The DNS server's response to a query for name %1 indicates that no records of the type queried are available, but could indicate that other records for the same name are present.

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1017,
    "version": 0,
    "level": 4,
    "task": 1017,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T20:23:56.825954+00:00",
    "event_record_id": 4296,
    "correlation": {},
    "execution": {
      "process_id": 968,
      "thread_id": 9008
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "QueryName": "_kerberos._tcp.dc._msdcs.ludus.domain",
    "AddressLength": 16,
    "Address": "020000357F0000010000000000000000"
  },
  "message": ""
}

Event ID 1018 — The response for the query QueryName was a Link Local IP address Address.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsLinkLocal

Description

The response for the query QueryName was a Link Local IP address Address. The response was sent by the server at DnsAddress.

Message #

The response for the query %1 was a Link Local IP address %3. The response was sent by the server at %5.

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`DnsAddressLength` UInt32	—
`DnsAddress` Binary	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Event ID 1019 — There are currently no IPv6 DNS servers configured for any interface on this host.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsNoServerConfigV6

Description

There are currently no IPv6 DNS servers configured for any interface on this host. Please configure DNS server settings, or renew your dynamic IP settings.

Message #

There are currently no IPv6 DNS servers configured for any interface on this host. Please configure DNS server settings, or renew your dynamic IP settings.

Fields #

Name	Description
`Location` UInt32	—
`Context` UInt32	—

Event ID 1020 — Read DNS Name Resolution Policy Table: Key Name KeyName: DNSSEC Settings: DnsSecValidationRequired DnsSecValidationRequired, DnsQueryOverIPSec DnsQueryOverIPSec, DnsEncryption DnsEncryption Direct ...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsReadPolicyTable

Message #

Read DNS Name Resolution Policy Table: Key Name %1: DNSSEC Settings: DnsSecValidationRequired %2, DnsQueryOverIPSec %3, DnsEncryption %4 Direct Access Settings: DirectAccessServerList %5, EnableRemoteIPSEC %6  RemoteEncryption %7 ProxyType %8 ProxyName %9

Fields #

Name	Description
`KeyName` UnicodeString	—
`DnsSecValidationRequired` UInt32	—
`DnsQueryOverIPSec` UInt32	—
`DnsEncryption` UInt32	—
`DirectAccessServerList` UnicodeString	—
`RemoteIPSEC` UInt32	—
`RemoteEncryption` UInt32	—
`ProxyType` UInt32	—
`ProxyName` UnicodeString	—

Event ID 1021 — Matched Effective policy for query name QueryName: Key Name KeyName: DnsSecValidationRequired DnsSecValidationRequired, DnsQueryOverIPSec DnsQueryOverIPSec, DnsEncryption DnsEncryption DirectAccess...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsMatchPolicyInfo

Description

Matched Effective policy for query name QueryName: Key Name KeyName: DnsSecValidationRequired DnsSecValidationRequired, DnsQueryOverIPSec DnsQueryOverIPSec, DnsEncryption DnsEncryption DirectAccessServerList DirectAccessServerList, ProxyType ProxyType ProxyName ProxyName.

Message #

Matched Effective policy for query name %1: Key Name %2: DnsSecValidationRequired %3, DnsQueryOverIPSec %4, DnsEncryption %5 DirectAccessServerList %6, ProxyType %7 ProxyName %8

Fields #

Name	Description
`QueryName` UnicodeString	—
`KeyName` UnicodeString	—
`DnsSecValidationRequired` UInt32	—
`DnsQueryOverIPSec` UInt32	—
`DnsEncryption` UInt32	—
`DirectAccessServerList` UnicodeString	—
`ProxyType` UInt32	—
`ProxyName` UnicodeString	—

Event ID 1022 — Name resolution for the name, QueryName, will not fall back to LLMNR or NetBIOS.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Task: DnsSecureNoFallback

Description

Name resolution for the name, QueryName, will not fall back to LLMNR or NetBIOS.

Message #

Name resolution for the name, %1, will not fall back to LLMNR or NetBIOS

Fields #

Name	Description
`QueryName` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1022,
    "version": 0,
    "level": 4,
    "task": 1022,
    "opcode": 0,
    "keywords": 9223372037391646720,
    "time_created": "2026-03-13T21:48:42.710909+00:00",
    "event_record_id": 11629,
    "correlation": {},
    "execution": {
      "process_id": 1860,
      "thread_id": 7980
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "dns.msftncsi.com"
  },
  "message": ""
}

Event ID 1023 — Name resolution policy table has been corrupted.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsPolicySystemReadError

Description

Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator. For more information: read policy table for rule failed with error.

Message #

Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator. For more information: read policy table for rule %1 failed with error %2

Fields #

Name	Description
`RuleName` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 1024 — Transaction ID of the response for query QueryName from server Address did not match.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Task: DnsQueryBadXid

Description

Transaction ID of the response for query QueryName from server Address did not match.

Message #

Transaction ID of the response for query %1 from server %3 did not match

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 1024,
    "version": 0,
    "level": 4,
    "task": 1024,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T21:48:46.782764+00:00",
    "event_record_id": 11899,
    "correlation": {},
    "execution": {
      "process_id": 1860,
      "thread_id": 8032
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "ludus.domain",
    "AddressLength": 16,
    "Address": "020000350A020A0B0000000000000000"
  },
  "message": ""
}

Event ID 1025 — The DNS server IP Address of the response for query QueryName is not configured on the client.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsQueryInvalidServerIp

Description

The DNS server IP Address of the response for query QueryName is not configured on the client.

Message #

The DNS server IP %3 of the response for query %1 is not configured on the client

Fields #

Name	Description
`QueryName` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Event ID 1026 — The question (ResponseQuestion) in the response from server Address does not match the original question QueryName.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsQueryInvalidQuestion

Description

The question (ResponseQuestion) in the response from server Address does not match the original question QueryName.

Message #

The question (%2) in the response from server %4 does not match the original question %1

Fields #

Name	Description
`QueryName` UnicodeString	—
`ResponseQuestion` UnicodeString	—
`AddressLength` UInt32	—
`Address` Binary	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Event ID 1027 — DNS Name resolution for the name, QueryName, failed because the client was unable to contact DNS servers.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Message #

DNS Name resolution for the name, %1, failed because the client was unable to contact DNS servers. At least one of the interfaces is not in a private network and name resolution will not fall back to LLMNR or NetBIOS

Fields #

Name	Description
`QueryName` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Event ID 1028 — Matched effective policy for query name QueryName: Key Name KeyName: DnsSecValidationRequired DnsSecValidationRequired, DnsQueryOverIPSec DnsQueryOverIPSec, DnsEncryption DnsEncryption DirectAccess...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsMatchPolicyInfo

Description

Matched effective policy for query name : Key Name : DnsSecValidationRequired , DnsQueryOverIPSec , DnsEncryption DirectAccessServerList , ProxyType ProxyName GenericServerList IdnConfig.

Message #

Matched effective policy for query name %1: Key Name %2: DnsSecValidationRequired %3, DnsQueryOverIPSec %4, DnsEncryption %5 DirectAccessServerList %6, ProxyType %7 ProxyName %8 GenericServerList %9 IdnConfig %10

Fields #

Name	Description
`QueryName` UnicodeString	—
`KeyName` UnicodeString	—
`DnsSecValidationRequired` UInt32	—
`DnsQueryOverIPSec` UInt32	—
`DnsEncryption` UInt32	—
`DirectAccessServerList` UnicodeString	—
`ProxyType` UInt32	—
`ProxyName` UnicodeString	—
`GenericServerList` UnicodeString	—
`IdnConfig` UInt32	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Event ID 3000 — DNS Query is initiated for the name QueryName and for the type QueryType with query options QueryOptions.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DNS Query is initiated for the name QueryName and for the type QueryType with query options QueryOptions.

Message #

DNS Query is initiated for the name %1 and for the type %2 with query options %3

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—

Event ID 3001 — DNS Query operation is completed with result Status.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DNS Query operation is completed with result Status.

Message #

DNS Query operation is completed with result %1

Fields #

Name	Description
`Status` UInt32	— NTSTATUS reference

Event ID 3002 — DNS Cache lookup is initiated for the name QueryName and for the type QueryType with query options QueryOptions.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DNS Cache lookup is initiated for the name QueryName and for the type QueryType with query options QueryOptions.

Message #

DNS Cache lookup is initiated for the name %1 and for the type %2 with query options %3

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—

Event ID 3003 — DNS Cache lookup operation for the name QueryName and for the type QueryType is completed with result Status.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DNS Cache lookup operation for the name QueryName and for the type QueryType is completed with result Status.

Message #

DNS Cache lookup operation for the name %1 and for the type %2 is completed with result %3

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 3004 — DNS FQDN Query is initiated for the name QueryName and for the type QueryType with query options QueryOptions.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DNS FQDN Query is initiated for the name QueryName and for the type QueryType with query options QueryOptions.

Message #

DNS FQDN Query is initiated for the name %1 and for the type %2 with query options %3

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—

Event ID 3005 — DNS FQDN Query operation for the name QueryName and for the type QueryType is completed with result Status.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DNS FQDN Query operation for the name QueryName and for the type QueryType is completed with result Status.

Message #

DNS FQDN Query operation for the name %1 and for the type %2 is completed with result %3

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`Status` UInt32	— NTSTATUS reference

Event ID 3006 — DNS query is called for the name QueryName, type QueryType, query options QueryOptions, Server List ServerList, isNetwork query IsNetworkQuery, network index NetworkQueryIndex, interface index Inte...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

DNS query is called for the name QueryName, type QueryType, query options QueryOptions, Server List ServerList, isNetwork query IsNetworkQuery, network index NetworkQueryIndex, interface index InterfaceIndex, is asynchronous query IsAsyncQuery.

Message #

DNS query is called for the name %1, type %2, query options %3, Server List %4, isNetwork query %5, network index %6, interface index %7, is asynchronous query %8

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—
`ServerList` UnicodeString	—
`IsNetworkQuery` UInt32	—
`NetworkQueryIndex` UInt32	—
`InterfaceIndex` UInt32	—
`IsAsyncQuery` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3006,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033511+00:00",
    "event_record_id": 2,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 3204
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 28,
    "QueryOptions": 720575941453176832,
    "ServerList": "",
    "IsNetworkQuery": 0,
    "NetworkQueryIndex": 0,
    "InterfaceIndex": 0,
    "IsAsyncQuery": 0
  },
  "message": ""
}

Event ID 3007 — DnsQueryEx for the name QueryName is pending.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

DnsQueryEx for the name QueryName is pending.

Message #

DnsQueryEx for the name %1 is pending

Fields #

Name	Description
`QueryName` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3007,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T21:48:42.710899+00:00",
    "event_record_id": 11627,
    "correlation": {},
    "execution": {
      "process_id": 1860,
      "thread_id": 7980
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "dns.msftncsi.com"
  },
  "message": ""
}

Event ID 3008 — DNS query is completed for the name QueryName, type QueryType, query options QueryOptions with status QueryStatus Results QueryResults.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Collection Priority: Recommended (Microsoft-WEF, others)
Opcode: Info

Description

DNS query is completed for the name QueryName, type QueryType, query options QueryOptions with status QueryStatus Results QueryResults.

Message #

DNS query is completed for the name %1, type %2, query options %3 with status %4 Results %5

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—
`QueryStatus` UInt32	—
`QueryResults` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3008,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.033539+00:00",
    "event_record_id": 4,
    "correlation": {
      "ActivityID": "30000002-0002-FE00-D015-D40C380D840C"
    },
    "execution": {
      "process_id": 3384,
      "thread_id": 7344
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "QueryOptions": 720575941453045760,
    "QueryStatus": 87,
    "QueryResults": ""
  },
  "message": ""
}

Detection Rules #

View all rules referencing this event →

Sigma # view in reference

DNS Query for Anonfiles.com Domain - DNS Client source high: Detects DNS queries for anonfiles.com, which is an anonymous file upload platform often used for malicious purposes
Suspicious Cobalt Strike DNS Beaconing - DNS Client source critical: Detects a program that invoked suspicious DNS queries known from Cobalt Strike beacons
DNS Query To MEGA Hosting Website - DNS Client source medium: Detects DNS queries for subdomains related to MEGA sharing website

Show 3 more (6 total)

DNS Query To Put.io - DNS Client source medium: Detects DNS queries for subdomains related to "Put.io" sharing website.
Query Tor Onion Address - DNS Client source high: Detects DNS resolution of an .onion address related to Tor routing networks
DNS Query To Ufile.io - DNS Client source low: Detects DNS queries to "ufile.io", which was seen abused by malware and threat actors as a method for data exfiltration

Event ID 3009 — Network query initiated for the name QueryName (is parallel query IsParallelNetworkQuery) on network index NetworkIndex with interface count InterfaceCount with first interface name AdapterName, lo...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

Network query initiated for the name QueryName (is parallel query IsParallelNetworkQuery) on network index NetworkIndex with interface count InterfaceCount with first interface name AdapterName, local addresses LocalAddress and Dns Servers DNSServerAddress.

Message #

Network query initiated for the name %1 (is parallel query %2) on network index %3 with interface count %4 with first interface name %5, local addresses %6 and Dns Servers %7

Fields #

Name	Description
`QueryName` UnicodeString	—
`IsParallelNetworkQuery` UInt32	—
`NetworkIndex` UInt32	—
`InterfaceCount` UInt32	—
`AdapterName` UnicodeString	—
`LocalAddress` UnicodeString	—
`DNSServerAddress` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—
`ParentBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3009,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.037113+00:00",
    "event_record_id": 6,
    "correlation": {
      "ActivityID": "98BC0724-3B37-4F5C-B2FF-8A9EF612845C"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "IsParallelNetworkQuery": 1,
    "NetworkIndex": 0,
    "InterfaceCount": 1,
    "AdapterName": "Ethernet",
    "LocalAddress": "10.2.10.21",
    "DNSServerAddress": "10.2.10.11",
    "ClientPID": 3384,
    "QueryBlob": "0x1b11f66d1a0",
    "ParentBlob": "0x0"
  },
  "message": ""
}

Event ID 3010 — DNS Query sent to DNS Server DnsServerIpAddress for name QueryName and type QueryType.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

DNS Query sent to DNS Server DnsServerIpAddress for name QueryName and type QueryType.

Message #

DNS Query sent to DNS Server %3 for name %1 and type %2

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`DnsServerIpAddress` UnicodeString	—
`ClientPID` UInt32	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3010,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.037163+00:00",
    "event_record_id": 10,
    "correlation": {
      "ActivityID": "98BC0724-3B37-4F5C-B2FF-8A9EF612845C"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "DnsServerIpAddress": "10.2.10.11",
    "ClientPID": 3384
  },
  "message": ""
}

Event ID 3011 — Received response from DNS Server DnsServerIpAddress for name QueryName and type QueryType with response status ResponseStatus.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

Received response from DNS Server DnsServerIpAddress for name QueryName and type QueryType with response status ResponseStatus.

Message #

Received response from DNS Server %3 for name %1 and type %2 with response status %4

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`DnsServerIpAddress` UnicodeString	—
`ResponseStatus` UInt32	—
`ClientPID` UInt32	—
`SendBlob` Pointer	—
`SendBlobContext` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3011,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.072575+00:00",
    "event_record_id": 13,
    "correlation": {
      "ActivityID": "7D9A141D-3061-4B6F-A6EE-D4CEE18DB90D"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "DnsServerIpAddress": "10.2.10.11",
    "ResponseStatus": 0,
    "ClientPID": 3384,
    "SendBlob": "0x1b11ff2c630",
    "SendBlobContext": "0x7ffa2a356170"
  },
  "message": ""
}

Event ID 3012 — NETBIOS query is initiated for name QueryName on network index NetworkIndex with inteface count InterfaceCount with first interface name AdapterName and local addresses LocalAddress.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

NETBIOS query is initiated for name QueryName on network index NetworkIndex with inteface count InterfaceCount with first interface name AdapterName and local addresses LocalAddress.

Message #

NETBIOS query is initiated for name %1 on network index %2 with inteface count %3 with first interface name %4 and local addresses %5

Fields #

Name	Description
`QueryName` UnicodeString	—
`NetworkIndex` UInt32	—
`InterfaceCount` UInt32	—
`AdapterName` UnicodeString	—
`LocalAddress` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3012,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:59.235084+00:00",
    "event_record_id": 27,
    "correlation": {
      "ActivityID": "EF3E8619-3C1A-466E-87D4-27258CCCF136"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "85.65.42.20.in-addr.arpa.",
    "NetworkIndex": 0,
    "InterfaceCount": 1,
    "AdapterName": "Ethernet",
    "LocalAddress": "10.2.10.21",
    "ClientPID": 3516,
    "QueryBlob": "0x1b11f6395c0"
  },
  "message": ""
}

Event ID 3013 — NETBIOS query is completed for name QueryName with status Status and results QueryResults.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

NETBIOS query is completed for name QueryName with status Status and results QueryResults.

Message #

NETBIOS query is completed for name %1 with status %2 and results %3

Fields #

Name	Description
`QueryName` UnicodeString	—
`Status` UInt32	— NTSTATUS reference
`QueryResults` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3013,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:59.235292+00:00",
    "event_record_id": 29,
    "correlation": {
      "ActivityID": "EF3E8619-3C1A-466E-87D4-27258CCCF136"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 7952
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "85.65.42.20.in-addr.arpa.",
    "Status": 121,
    "QueryResults": "",
    "ClientPID": 3516,
    "QueryBlob": "0x1b11f6395c0"
  },
  "message": ""
}

Event ID 3014 — NETBIOS query for the name QueryName is pending.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

NETBIOS query for the name QueryName is pending.

Message #

NETBIOS query for the name %1 is pending

Fields #

Name	Description
`QueryName` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3014,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:59.235275+00:00",
    "event_record_id": 28,
    "correlation": {
      "ActivityID": "EF3E8619-3C1A-466E-87D4-27258CCCF136"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "85.65.42.20.in-addr.arpa.",
    "ClientPID": 3516,
    "QueryBlob": "0x1b11f6395c0"
  },
  "message": ""
}

Event ID 3015 — DnsQueryEx is canceled for the name QueryName.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

DnsQueryEx is canceled for the name QueryName.

Message #

DnsQueryEx is canceled for the name %1

Fields #

Name	Description
`QueryName` UnicodeString	—

Event ID 3016 — Cache lookup called for name QueryName, type QueryType, options QueryOptions and interface index InterfaceIndex.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

Cache lookup called for name QueryName, type QueryType, options QueryOptions and interface index InterfaceIndex.

Message #

Cache lookup called for name %1, type %2, options %3 and interface index %4

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—
`InterfaceIndex` UInt32	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3016,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.037130+00:00",
    "event_record_id": 7,
    "correlation": {
      "ActivityID": "98BC0724-3B37-4F5C-B2FF-8A9EF612845C"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "QueryOptions": 722827741266862080,
    "InterfaceIndex": 0,
    "ClientPID": 3384,
    "QueryBlob": "0x1b11f66d1a0"
  },
  "message": ""
}

Event ID 3018 — Cache lookup for name QueryName, type QueryType and option QueryOptions returned Status with results QueryResults.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

Cache lookup for name QueryName, type QueryType and option QueryOptions returned Status with results QueryResults.

Message #

Cache lookup for name %1, type %2 and option %3 returned %4 with results %5

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`QueryOptions` UInt64	—
`Status` UInt32	— NTSTATUS reference
`QueryResults` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3018,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.037138+00:00",
    "event_record_id": 8,
    "correlation": {
      "ActivityID": "98BC0724-3B37-4F5C-B2FF-8A9EF612845C"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "QueryOptions": 722827741266862080,
    "Status": 9701,
    "QueryResults": "",
    "ClientPID": 3384,
    "QueryBlob": "0x1b11f66d1a0"
  },
  "message": ""
}

Event ID 3019 — Query wire called for name QueryName, type QueryType, interface index InterfaceIndex and network index NetworkIndex.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Opcode: Info

Description

Query wire called for name QueryName, type QueryType, interface index InterfaceIndex and network index NetworkIndex.

Message #

Query wire called for name %1, type %2, interface index %3 and network index %4

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`InterfaceIndex` UInt32	—
`NetworkIndex` UInt32	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3019,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.037151+00:00",
    "event_record_id": 9,
    "correlation": {
      "ActivityID": "98BC0724-3B37-4F5C-B2FF-8A9EF612845C"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "InterfaceIndex": 0,
    "NetworkIndex": 0,
    "ClientPID": 3384,
    "QueryBlob": "0x1b11f66d1a0"
  },
  "message": ""
}

Event ID 3020 — Query response for name QueryName, type QueryType, interface index NetworkIndex and network index InterfaceIndex returned Status with results QueryResults.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Level: Informational
Collection Priority: Recommended (NSA)
Opcode: Info

Description

Query response for name QueryName, type QueryType, interface index NetworkIndex and network index InterfaceIndex returned Status with results QueryResults.

Message #

Query response for name %1, type %2, interface index %3 and network index %4 returned %5 with results %6

Fields #

Name	Description
`QueryName` UnicodeString	—
`QueryType` UInt32	—
`NetworkIndex` UInt32	—
`InterfaceIndex` UInt32	—
`Status` UInt32	— NTSTATUS reference
`QueryResults` UnicodeString	—
`ClientPID` UInt32	—
`QueryBlob` Pointer	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 3020,
    "version": 2,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2026-03-13T19:59:57.072612+00:00",
    "event_record_id": 14,
    "correlation": {
      "ActivityID": "7D9A141D-3061-4B6F-A6EE-D4CEE18DB90D"
    },
    "execution": {
      "process_id": 1732,
      "thread_id": 8072
    },
    "channel": "Microsoft-Windows-DNS-Client/Operational",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "QueryName": "us-v20.events.endpoint.security.microsoft.com",
    "QueryType": 1,
    "NetworkIndex": 0,
    "InterfaceIndex": 0,
    "Status": 0,
    "QueryResults": "type: 5 us-v20.events.data.trafficmanager.net;type: 5 onedscolprdeus05.eastus.cloudapp.azure.com;20.42.65.85;",
    "ClientPID": 3384,
    "QueryBlob": "0x1b11f66d1a0"
  },
  "message": ""
}

Event ID 3023 — Initiating resolver operation OperationName, name Name, flag Flag, client PID ClientPID.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Opcode: Info

Description

Initiating resolver operation OperationName, name Name, flag Flag, client PID ClientPID.

Message #

Initiating resolver operation %1, name %2, flag %3, client PID %4

Fields #

Name	Description
`OperationName` UnicodeString	—
`Name` UnicodeString	—
`Flag` UInt32	—
`ClientPID` UInt32	—

Event ID 3024 — Server ActualServer failed to validate DDR certificate for original address OriginalServer with status Status.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Opcode: Info

Description

Server ActualServer failed to validate DDR certificate for original address OriginalServer with status Status.

Message #

Server %1 failed to validate DDR certificate for original address %2 with status %3

Fields #

Name	Description
`ActualServer` UnicodeString	—
`OriginalServer` UnicodeString	—
`Status` UInt32	— NTSTATUS reference

Event ID 8001 — Unable to start DNS Client service.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsGenericError

Message #

Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. To do so, use the following commands at a command prompt: (1) type 'net start rpc' to start the RPC service, and (2) type 'net start dnscache' to start the DNS Client service. See event details for specific error code information.

Fields #

Name	Description
`ErrorCode` UInt32	—

Event ID 8002 — Unable to start DNS Client service because the system failed to allocate memory and may be out of available memory.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsGenericError

Message #

Unable to start DNS Client service because the system failed to allocate memory and may be out of available memory. Try closing any applications not in use or reboot the computer. See event details for specific error code information.

Fields #

Name	Description
`ErrorCode` UInt32	—

Event ID 8003 — The system failed to register network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register network adapter with settings.

Message #

The system failed to register network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS Server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The cause of this DNS registration failure was because the DNS update request timed out after being sent to the specified DNS Server. This is probably because the authoritative DNS server for the name being updated is not running.

You can manually retry registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still  persist, contact your network systems administrator to verify network conditions.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8004 — The system failed to register network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register network adapter with settings.

Message #

The system failed to register network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The cause of this DNS registration failure was because of DNS server failure. This may be due to a zone transfer that has locked the DNS server for the applicable zone that your computer needs to register itself with.

(The applicable zone should typically correspond to the Adapter-specific Domain Suffix that was indicated above.) You can manually retry registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your network systems administrator to verify network conditions.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8005 — The system failed to register network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register network adapter with settings.

Message #

The system failed to register network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason it could not register was because either: (a) the DNS server does not support the DNS dynamic update protocol, or (b) the primary zone authoritative for the registering names does not currently accept dynamic updates.

To add or register a DNS host (A or AAAA) resource record using the specific DNS name for this adapter, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8006 — The system failed to register network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register network adapter with settings.

Message #

The system failed to register network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason it could not register was because the DNS server refused the dynamic update request. This could happen for the following reasons: (a) current DNS update policies do not allow this computer to update the DNS domain name configured for this adapter, or (b) the authoritative DNS server for this DNS domain name does not support the DNS dynamic update protocol.

To register a DNS host (A or AAAA) resource record using the specific DNS domain name for this adapter, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8007 — The system failed to register network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register network adapter with settings.

Message #

The system failed to register network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The system could not register the DNS update request because of a security related problem. This could happen for the following reasons: (a) the DNS domain name that your computer is trying to register could not be updated because your computer does not have the right permissions, or (b) there might have been a problem negotiating valid credentials with the DNS server to update.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8008 — The system failed to register network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register network adapter with settings.

Message #

The system failed to register network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the DNS update request could not be completed was because of a system problem. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8009 — The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The reason that the system could not register these RRs was because the update request that was sent to the specified DNS server timed out. This is probably because the authoritative DNS server for the name being registered is not running.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8010 — The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Level: Informational
Task: DnsRegistration

Description

The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The cause was DNS server failure. This may be because the reverse lookup zone is busy or missing on the DNS server that your computer needs to update. In most cases, this is a minor problem because it does not affect normal (forward) name resolution.

If reverse (address-to-name) resolution is required for your computer, you can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`Sent UpdateServer`	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—
`SentUpdateServer` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Client",
    "guid": "1C95126E-7EEA-49A9-A3FE-A378B03DDB4D",
    "event_source_name": "",
    "event_id": 8010,
    "version": 0,
    "level": 4,
    "task": 1028,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2026-03-09T00:28:59.406443+00:00",
    "event_record_id": 1968,
    "correlation": {},
    "execution": {
      "process_id": 1928,
      "thread_id": 6096
    },
    "channel": "System",
    "computer": "LAB-WIN11.ludus.domain",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "AdapterName": "{8A1760B6-DC99-4B90-9C4A-029698E5AE27}",
    "HostName": "LAB-WIN11",
    "AdapterSuffixName": "ludus.domain",
    "DnsServerList": "\t10.2.10.11",
    "Sent UpdateServer": "<?>",
    "Ipaddress": "10.2.10.21",
    "ErrorCode": 9002
  },
  "message": ""
}

Event ID 8011 — The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The reason that the system could not register these RRs was because (a) either the DNS server does not support the DNS dynamic update protocol, or (b) the authoritative zone where these records are to be registered does not allow dynamic updates.

To register DNS pointer (PTR) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8012 — The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The reason that the system could not register these RRs was because the DNS server refused the update request. The cause of this could be (a) your computer is not allowed to update the adapter-specified DNS domain name, or (b) because the DNS server authoritative for the specified name does not support the DNS dynamic update protocol.

To register the DNS pointer (PTR) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8013 — The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The reason that the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8014 — The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to register pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The reason the system could not register these RRs during the update request was because of a system problem. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8015 — The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8016 — The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8017 — The system failed to register host (A or AAAA) resource records for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register host (A or AAAA) resource records for network adapter.

Message #

The system failed to register host (A or AAAA) resource records for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

Either the DNS server does not support the DNS dynamic update protocol or the authoritative zone for the specified DNS domain name does not accept dynamic updates.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8018 — The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8019 — The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8020 — The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to register host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not register these RRs during the update request was because of a system problem. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8021 — The system failed to update and remove registration for the network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove registration for the network adapter with settings.

Message #

The system failed to update and remove registration for the network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason for this failure is because the DNS server it sent the update request to timed out. The most likely cause of this failure is that the DNS server authoritative for the zone where the registration was originally made is either not running or unreachable through the network at this time.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8022 — The system failed to update and remove registration for the network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove registration for the network adapter with settings.

Message #

The system failed to update and remove registration for the network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason for this failure is because the DNS server it sent the update to failed the update request. A possible cause of this failure is that the DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8023 — The system failed to update and remove registration for the network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove registration for the network adapter with settings.

Message #

The system failed to update and remove registration for the network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason for this failure is because the DNS server sent the update either (a) does not support the DNS dynamic update protocol, or (b) the authoritative zone for the specified DNS domain name does not currently accept DNS dynamic updates.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8024 — The system failed to update and remove registration for the network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove registration for the network adapter with settings.

Message #

The system failed to update and remove registration for the network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not perform the update request was the DNS server contacted refused update request. The cause of this is (a) this computer is not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for the zone that requires updating does not support the DNS dynamic update protocol.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8025 — The system failed to update and remove registration for the network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove registration for the network adapter with settings.

Message #

The system failed to update and remove registration for the network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the system could not perform the update request was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.

See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8026 — The system failed to update and remove the DNS registration for the network adapter with settings.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove the DNS registration for the network adapter with settings.

Message #

The system failed to update and remove the DNS registration for the network adapter with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The system could not update to remove this DNS registration because of a system problem. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8027 — The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The system could not remove these PTR RRs because the update request timed out while awaiting a response from the DNS server. This is probably because the DNS server authoritative for the zone that requires update is not running.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8028 — The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address : %6

The system could not remove these PTR RRs because the DNS server failed the update request. A possible cause is that a zone transfer is in progress, causing a lock for the zone at the DNS server authorized to perform the updates for these RRs.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8029 — The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The system could not remove these PTR RRs because either the DNS server does not support the DNS dynamic update protocol or the authoritative zone that contains these RRs does not accept dynamic updates.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8030 — The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The system could not remove these PTR RRs because the DNS server refused the update request. The cause of this might be (a) this computer is not allowed to update the specified DNS domain name specified by these settings, or (b) because the DNS server authorized to perform updates for the zone that contains these RRs does not support the DNS dynamic update protocol.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8031 — The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The system could not remove these PTR RRs because of a security related problem. The cause of this could be that (a) your computer does not have permissions to remove and update the specific DNS domain name or IP addresses configured for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8032 — The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter.

Message #

The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Adapter-specific Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address :
             %6

The system could not remove these PTR RRs because because of a system problem. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8033 — The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

         The system could not remove these host (A or AAAA) RRs because the update request timed out while awaiting a response from the DNS server. This is probably because the DNS server authoritative for the zone where these RRs need to be updated is either not currently running or reachable on the network.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8034 — The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The system could not remove these host (A or AAAA) RRs because the DNS server failed the update request. A possible cause is that a zone transfer is in progress, causing a lock for the zone at the DNS server authorized to perform the updates for these RRs.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8035 — The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason for this failure is because the DNS server sent the update either (a) does not support the DNS dynamic update protocol, or (b) the authoritative zone for the DNS domain name specified in these host (A or AAAA) RRs does not currently accept DNS dynamic updates.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8036 — The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The request to remove these records failed because the DNS server refused the update request. The cause of this might be that either (a) this computer is not allowed to update the DNS domain name specified by these settings, or (b) because the DNS server authorized to perform updates for the zone that contains these RRs does not support the DNS dynamic update protocol.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8037 — The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason for this failure was because of a security related problem. The cause of this could be that (a) your computer does not have permissions to remove and update the specific DNS domain name or IP addresses configured for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8038 — The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsRegistration

Description

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter.

Message #

The system failed to update and remove host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : %1
           Host Name : %2
           Primary Domain Suffix : %3
           DNS server list :
             %4
           Sent update to server : %5
           IP Address(es) :
             %6

The reason the update request failed was because of a system problem. See event details for specific error code information.

Fields #

Name	Description
`AdapterName` UnicodeString	—
`HostName` UnicodeString	—
`AdapterSuffixName` UnicodeString	—
`DnsServerList` UnicodeString	—
`SentUpdateServer` UnicodeString	—
`Ipaddress` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8040 — A DNS interception provider has been loaded.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsInterception

Description

A DNS interception provider has been loaded. This provider can overwrite any DNS resolution result. If this is unexpected, please contact the machine/domain admin.

Message #

A DNS interception provider has been loaded. This provider can overwrite any DNS resolution result. If this is unexpected, please contact the machine/domain admin.

           Interception Dll: %1

Fields #

Name	Description
`Interception_Dll` UnicodeString	—
`DllName` UnicodeString	—

Event ID 8042 — A DNS interception provider performed an illegal operation.

Provider: Microsoft-Windows-DNS-Client
Channel: System
Task: DnsInterception

Description

A DNS interception provider performed an illegal operation.

Message #

A DNS interception provider performed an illegal operation. 

           Interception Dll: %1

Fields #

Name	Description
`Interception_Dll` UnicodeString	—
`DllName` UnicodeString	—

Event ID 8043 — DNS-over-HTTPS query initiated to server Server for the name NameQuery, on interface InterfaceName, using template Template, client PID ClientPID.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational

Description

DNS-over-HTTPS query initiated to server Server for the name NameQuery, on interface InterfaceName, using template Template, client PID ClientPID.

Message #

DNS-over-HTTPS query initiated to server %1 for the name %2, on interface %3, using template %4, client PID %5

Fields #

Name	Description
`Server` UnicodeString	—
`NameQuery` UnicodeString	—
`InterfaceName` UnicodeString	—
`Template` UnicodeString	—
`ClientPID` UInt32	—

Event ID 8044 — DNS-over-TLS query initiated to server Server for the name NameQuery, on interface InterfaceName, with hostname Hostname, client PID ClientPID.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational

Description

DNS-over-TLS query initiated to server Server for the name NameQuery, on interface InterfaceName, with hostname Hostname, client PID ClientPID.

Message #

DNS-over-TLS query initiated to server %1 for the name %2, on interface %3, with hostname %4, client PID %5

Fields #

Name	Description
`Server` UnicodeString	—
`NameQuery` UnicodeString	—
`InterfaceName` UnicodeString	—
`Hostname` UnicodeString	—
`ClientPID` UInt32	—

Event ID 8045 — DNS-over-HTTPS request to server Server with template TemplateName returned HTTP status $3.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational

Description

DNS-over-HTTPS request to server Server with template TemplateName returned HTTP status $3.

Message #

DNS-over-HTTPS request to server %1 with template %2 returned HTTP status $3

Fields #

Name	Description
`Server` UnicodeString	—
`TemplateName` UnicodeString	—
`StatusCode` UInt32	—

Event ID 8046 — DNS-over-HTTPS request to server Server with template TemplateName failed with error ErrorCode.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational

Description

DNS-over-HTTPS request to server Server with template TemplateName failed with error ErrorCode.

Message #

DNS-over-HTTPS request to server %1 with template %2 failed with error %3

Fields #

Name	Description
`Server` UnicodeString	—
`TemplateName` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8047 — DNS-over-TLS request to server Server with hostname Hostname failed with error ErrorCode.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational

Description

DNS-over-TLS request to server Server with hostname Hostname failed with error ErrorCode.

Message #

DNS-over-TLS request to server %1 with hostname %2 failed with error %3

Fields #

Name	Description
`Server` UnicodeString	—
`Hostname` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 8048 — DNS-over-HTTPS request failed to obtain valid SSL certificate from server Server, with template Template, due to: Error.

Provider: Microsoft-Windows-DNS-Client
Channel: System

Description

DNS-over-HTTPS request failed to obtain valid SSL certificate from server Server, with template Template, due to: Error. WinHTTP flags: ErrorBits.

Message #

DNS-over-HTTPS request failed to obtain valid SSL certificate from server %1, with template %2, due to: %3. WinHTTP flags: %4

Fields #

Name	Description
`Server` UnicodeString	—
`Template` UnicodeString	—
`Error` UnicodeString	—
`ErrorBits` UInt64	—

Event ID 8049 — DNS-over-TLS request failed to obtain valid SSL certificate from server Server, with hostname Hostname, due to: Error.

Provider: Microsoft-Windows-DNS-Client
Channel: System

Description

DNS-over-TLS request failed to obtain valid SSL certificate from server Server, with hostname Hostname, due to: Error. WinHTTP flags: ErrorBits.

Message #

DNS-over-TLS request failed to obtain valid SSL certificate from server %1, with hostname %2, due to: %3. WinHTTP flags: %4

Fields #

Name	Description
`Server` UnicodeString	—
`Hostname` UnicodeString	—
`Error` UnicodeString	—
`ErrorBits` UInt64	—

Event ID 8050 — Windows DNS Client process mitigations: SystemCall: SystemCallDisable, ExtensionPoint: ExtensionPointDisable, DynamicCode: DynamicCode, CFG: ControlFlowGuard, BinarySignature: BinarySignature, Font...

Provider: Microsoft-Windows-DNS-Client
Channel: Operational

Description

Windows DNS Client process mitigations: SystemCall: , ExtensionPoint: , DynamicCode: , CFG: , BinarySignature: , FontDisable: , ImageLoad: , ChildProcess: . Enforce mitigations.

Message #

Windows DNS Client process mitigations: SystemCall: %1, ExtensionPoint: %2, DynamicCode: %3, CFG: %4, BinarySignature: %5, FontDisable: %6, ImageLoad: %7, ChildProcess: %8. Enforce mitigations: %9

Fields #

Name	Description
`SystemCallDisable` UInt32	—
`ExtensionPointDisable` UInt32	—
`DynamicCode` UInt32	—
`ControlFlowGuard` UInt32	—
`BinarySignature` UInt32	—
`FontDisable` UInt32	—
`ImageFlow` UInt32	—
`ChildProcess` UInt32	—
`EnforcementKey` UInt32	—

Event ID 60004 — Error: Error Location: Location Context: Context.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsNetError

Description

Error: Error Location: Location Context: Context.

Message #

Error: %1 Location: %2 Context: %3

Fields #

Name	Description
`Error` UInt32	—
`Location` UInt32	—
`Context` UInt32	—
`ErrorCode` UInt32	—

Event ID 60005 — Warning: Warning Location: Location Context: Context.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsNetWarning

Description

Warning: Warning Location: Location Context: Context.

Message #

Warning: %1 Location: %2 Context: %3

Fields #

Name	Description
`Warning` UInt32	—
`Location` UInt32	—
`Context` UInt32	—
`WarningCode` UInt32	—

Event ID 60006 — Transitioned to State: NextState Context: Context.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsStateTransition

Description

Transitioned to State: NextState Context: Context.

Message #

Transitioned to State: %1 Context: %2

Fields #

Name	Description
`NextState` UInt8	—
`Context` UInt32	—

Event ID 60007 — Updated Context: Updated_Context Update Reason: Update_Reason.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsContextUpdate

Description

Updated Context: Updated_Context Update Reason: Update_Reason.

Message #

Updated Context: %1 Update Reason: %2

Fields #

Name	Description
`Updated_Context` UInt32	—
`Update_Reason` UInt32	—
`Context` UInt32	—
`UpdateReasonCode` UInt32	—

Event ID 60008 — Name resolution policy table has been corrupted.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsPolicyReadError

Description

Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator. For more information: read policy table for rule failed with error.

Message #

Name resolution policy table has been corrupted. DNS resolution will fail until it is fixed. Contact your network administrator. For more information: read policy table for rule %1 failed with error %2

Fields #

Name	Description
`RuleName` UnicodeString	—
`ErrorCode` UInt32	—

Event ID 60101 — SourceAddress: SourceAddress SourcePort: SourcePort DestinationAddress: DestinationAddress DestinationPort: DestinationPort Protocol: Protocol ReferenceContext: ReferenceContext.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsV4Tuple

Description

SourceAddress: SourceAddress SourcePort: SourcePort DestinationAddress: DestinationAddress DestinationPort: DestinationPort Protocol: Protocol ReferenceContext: ReferenceContext.

Message #

SourceAddress: %1 SourcePort: %2 DestinationAddress: %3 DestinationPort: %4 Protocol: %5 ReferenceContext: %6

Fields #

Name	Description
`SourceAddress` UInt32	—
`SourcePort` UInt32	—
`DestinationAddress` UInt32	—
`DestinationPort` UInt32	—
`Protocol` UInt32	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`ReferenceContext` UInt32	—

Event ID 60102 — SourceAddress: SourceAddress SourcePort: SourcePort DestinationAddress: DestinationAddress DestinationPort: DestinationPort Protocol: Protocol ReferenceContext: ReferenceContext.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsV6Tuple

Description

SourceAddress: SourceAddress SourcePort: SourcePort DestinationAddress: DestinationAddress DestinationPort: DestinationPort Protocol: Protocol ReferenceContext: ReferenceContext.

Message #

SourceAddress: %1 SourcePort: %2 DestinationAddress: %3 DestinationPort: %4 Protocol: %5 ReferenceContext: %6

Fields #

Name	Description
`SourceAddress` Binary	—
`SourcePort` UInt32	—
`DestinationAddress` Binary	—
`DestinationPort` UInt32	—
`Protocol` UInt32	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`ReferenceContext` UInt32	—

Event ID 60103 — Interface Guid: Interface_Guid IfIndex: IfIndex Interface Luid: Interface_Luid ReferenceContext: ReferenceContext.

Provider: Microsoft-Windows-DNS-Client
Channel: Operational
Task: DnsInterfaceInfo

Description

Interface Guid: Interface_Guid IfIndex: IfIndex Interface Luid: Interface_Luid ReferenceContext: ReferenceContext.

Message #

Interface Guid: %1 IfIndex: %2 Interface Luid: %3 ReferenceContext: %4

Fields #

Name	Description
`Interface_Guid` GUID	—
`IfIndex` UInt32	—
`Interface_Luid` UInt64	—
`ReferenceContext` UInt32	—
`IfGuid` GUID	—
`IfLuid` UInt64	—