Microsoft-Windows-DNS-Server-Service

497 events across 1 channel

Event ID	Title	Channel
2		DNS Server
3		DNS Server
4		DNS Server
10	The DNS server could not start because it is dependent on the NTDS service which …	DNS Server
11	The DNS server could not register dependency on %1 service.	DNS Server
111	The DNS server could not create a thread.	DNS Server
131	DNS Server Zone Transfer	DNS Server
140	DNS Server Service Status	DNS Server
150		DNS Server
403	The DNS server could not create a Transmission Control Protocol (TCP) socket.	DNS Server
404		DNS Server
405	The DNS server could not listen on Transmission Control Protocol (TCP) socket …	DNS Server
406	The DNS server could not create a User Datagram Protocol (UDP) socket.	DNS Server
407		DNS Server
408		DNS Server
409	The DNS server list of restricted interfaces contains IP addresses that are not …	DNS Server
410	The DNS server list of restricted interfaces does not contain a valid IP address …	DNS Server
411	The DNS server has bound one or more socket pool sockets to port numbers from …	DNS Server
414	The DNS server computer currently does not have a DNS domain name.	DNS Server
500	The DNS server has detected that the zone %1 has invalid or corrupted registry …	DNS Server
501	The DNS server has detected that the zone %1 has a missing or corrupted zone …	DNS Server
502	The DNS server has detected that for the primary zone %1 its has no zone file …	DNS Server
503	The DNS server has detected that the secondary zone %1 has no master IP …	DNS Server
504	The DNS server could not create zone %1 from registry data.	DNS Server
505	The DNS server zone %1 has invalid or corrupted registry data for %2.	DNS Server
506	The DNS server has invalid or corrupted registry parameter %1.	DNS Server
507	The DNS server encountered invalid or corrupted forwarder parameters in registry …	DNS Server
706	The DNS server does not have a cache or other database entry for root name …	DNS Server
707	The DNS server is not root authoritative and no root hints were specified in the …	DNS Server
708		DNS Server
709	The DNS server has moved the AD-integrated root hint data for all DNS servers in …	DNS Server
710	An administrator has changed the type and zone storage options of zone %1.	DNS Server
711	An administrator has changed the type and/or Active Directory location of zone …	DNS Server
712	An administrator has changed the zone storage options for zone %1.	DNS Server
713	An administrator has moved the zone %1 to a new location in Active Directory.	DNS Server
768	The DNS server has loaded the scope %1 of zone %2 from file %3 on server %4.	DNS Server
769		DNS Server
770		DNS Server
771		DNS Server
772	The V2 plugin interface has been implemented in server level plugin DLL.	DNS Server
773	The V3 plugin interface to select scopes of a zone has been implemented in …	DNS Server
774	The RecursionScope plugin interface to select scope of the DNS server has been …	DNS Server
775	The CacheScope plugin interface to select scope of the DNS cache has been …	DNS Server
776	The DNS server has started to unsign the zone %1 on server %2.	DNS Server
777	The DNS server encountered an error while unsigning the zone %1.	DNS Server
784	The key signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.	DNS Server
785	The zone signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.	DNS Server
786	The DNS server is being started in authoritative-cache mode %1.	DNS Server
787	Negative caching has been disabled on the server %1.	DNS Server
788	The DNS server has loaded the scope %1 of server %2.	DNS Server
789	The DNS server has loaded the virtualization instance.	DNS Server
790	The EDNS option code %1 for scope transaction is invalid or conflicts with the …	DNS Server
791	The ScopeOptionValue has been set to %1.	DNS Server
792	Failed to load server level policy %1 of server %2.	DNS Server
793	Failed to load zone level policy %1 of zone %3 on server %2.	DNS Server
794	Failed to load zone level policy %1 of zone %3 on server %2.	DNS Server
795	Failed to load server level policy %1 on server %2.	DNS Server
796	Failed to load the client subnet %1.	DNS Server
797	Failed to load a server level policy of server %1.	DNS Server
798	Failed to load a zone level policy of zone %2 on server %1.	DNS Server
799	Failed to load client subnets on server %1.	DNS Server
800	The zone %1 is configured to accept updates but the A record for the primary …	DNS Server
801	Failed to load Response Rate Limiting parameters on server %1.	DNS Server
802	Failed to enable Response Rate Limiting on server %1.	DNS Server
803	The EDNS option code %1 for the virtualization instance option is invalid or …	DNS Server
804	Failed to load virtualization instance.	DNS Server
805	Failed to read the virtualization instance from registry.	DNS Server
806	The VirtualizationInstanceOptionValue has been set to %1.	DNS Server
807	The DNS server received indication that scope %1 of zone %2 was deleted from the …	DNS Server
808	The V6 plugin interface has been implemented in server level plugin DLL.	DNS Server
809	The EDNS option code %1 for the DNS data tag is invalid or conflicts with the …	DNS Server
817	The DataTagOptionValue has been set to %1.	DNS Server
818	The throttle plugin interface has been implemented in server level plugin DLL.	DNS Server
819	The CorrelationTagOptionValue has been set to %1.	DNS Server
820	The logging plugin interface has been implemented in server level plugin DLL.	DNS Server
821	The init query plugin interface has been implemented in server level plugin DLL.	DNS Server
822	Successfully started HTTP server for DNS-over-HTTPS (DoH) server.	DNS Server
823	The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and …	DNS Server
824	The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) …	DNS Server
825	The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server …	DNS Server
826	The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) …	DNS Server
827	The configuration for DNS-over-HTTPS (DoH) server are.	DNS Server
828	The DNS-over-HTTPS (DoH) server has shut down gracefully.	DNS Server
829	The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with …	DNS Server
1000	The DNS server could not open the file %1.	DNS Server
1001	The DNS server could not map file %1 to memory.	DNS Server
1003	DNS Server RPC Protocol Initialization	DNS Server
1004	The DNS server could not find or open zone file %1.	DNS Server
1008	The DNS server was unable to create the path for file %1 in directory %2.	DNS Server
1200	The DNS server could not find or open boot file %1.	DNS Server
1201	The DNS server could not create zone %1 specified in file %2 at line %3.	DNS Server
1202	The DNS server encountered an unsupported 'directory' directive in the server …	DNS Server
1203	The DNS server encountered a 'forwarders' directive in with no forwarding …	DNS Server
1205	The DNS server encountered an unknown boot option %1 in file %2 at line %3.	DNS Server
1206	DNS server encountered missing database directory name, in file %1, line %2.	DNS Server
1501	The DNS server could not parse zone file %1 for zone %2.	DNS Server
1502	The DNS server could not parse the token ".	DNS Server
1503	The DNS server could not parse the zone file %1 at line %2.	DNS Server
1504	The DNS server could not parse an unexpected token ".	DNS Server
1505	The DNS server unexpected end of line, in zone file %1 at line %2.	DNS Server
1506	The DNS server encountered invalid token ".	DNS Server
1507	The DNS server encountered invalid class token ".	DNS Server
1508	The DNS server is ignoring an invalid resource record in zone file %1 at line …	DNS Server
1520	The DNS server encountered the unknown directive '.	DNS Server
1521	The DNS server encountered the unsupported directive '.	DNS Server
1522	The DNS server encountered the obsolete directive '.	DNS Server
1523	The DNS server encountered the directive '.	DNS Server
1524	DNSSEC signatures with key tag %1, associated with records in zone %2, have …	DNS Server
1525	DNSSEC signatures with key tag %1, associated with records in zone %2, will …	DNS Server
1540	The DNS server unable to create domain node.	DNS Server
1541	The DNS server encountered invalid domain name ".	DNS Server
1542	The DNS server encountered invalid domain name ".	DNS Server
1543	The DNS server encountered domain name ".	DNS Server
1544	The DNS server encountered an invalid "@" token ".	DNS Server
1545	The DNS server encountered a name outside of the specified zone in zone file %1 …	DNS Server
1546	The DNS server encountered an invalid name server (NS) resource record in zone …	DNS Server
1547	The DNS server encountered an invalid host (A) resource record in zone file %1 …	DNS Server
1600	The DNS server encountered an unknown or unsupported resource record (RR) type …	DNS Server
1601	DNS server encountered the obsolete record type %1 in database file %2, line %3.	DNS Server
1602	The DNS server encountered an invalid SOA (Start Of Authority) resource record …	DNS Server
1610	The DNS server encountered a resource record (RR) in the zone file %1 at line %2 …	DNS Server
1611	The DNS server encountered a CNAME (alias) resource record (RR) in zone file %1 …	DNS Server
1612	The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in …	DNS Server
1613	The DNS server encountered an invalid preference value ".	DNS Server
1614	The DNS server encountered a token ".	DNS Server
1616	The DNS server encountered a text string ".	DNS Server
1617	The DNS server encountered an invalid IP address ".	DNS Server
1618	The DNS server encountered an invalid IPv6 address ".	DNS Server
1619	The DNS server could not find protocol ".	DNS Server
1620	The DNS server could not find the service ".	DNS Server
1621	The DNS server encountered the port ".	DNS Server
1650	The DNS server encountered invalid WINS record in file %1, line %2.	DNS Server
1651	The DNS server encountered an invalid WINS reverse lookup (WINSR) resource …	DNS Server
1654	The DNS server encountered an unknown WINS-to-DNS mapping flag %1 in file %2 at …	DNS Server
1656	The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) …	DNS Server
2001	The DNS server is now booting from the registry or directory.	DNS Server
2002	The DNS server has written a new version of the boot file.	DNS Server
2003	The DNS server encountered an error writing current configuration back to boot …	DNS Server
2005	The DNS server has been reconfigured to boot from a boot file.	DNS Server
2200	The DNS server could not open a registry key.	DNS Server
2202	The DNS server could not write a registry key.	DNS Server
2203	The DNS server could not delete a registry key.	DNS Server
2204	The registry value …	DNS Server
2501	The DNS server has completed a scavenging cycle: Visited Zones = %1, Visited …	DNS Server
2502	The DNS server has completed a scavenging cycle but no nodes were visited.	DNS Server
2630	DNS Server Configuration	DNS Server
2631		DNS Server
3150		DNS Server
3151	The DNS server unable to write zone file %1 for zone %2.	DNS Server
3152	The DNS server was unable to open file %1 for write.	DNS Server
3153	The DNS server encountered an error writing to file.	DNS Server
3162	The DNS server encountered an unknown protocol writing a well known service …	DNS Server
3163	While writing a well known service (WKS) record to the zone file, the DNS server …	DNS Server
4000		DNS Server
4001	The DNS server was unable to open zone %1 in the Active Directory.	DNS Server
4002	The DNS server was unable to add zone %1 to the Active Directory.	DNS Server
4003	The DNS server was unable to delete zone %1 in the Active Directory.	DNS Server
4004	The DNS server was unable to complete directory service enumeration of zone %1.	DNS Server
4005	The DNS server received indication that zone %1 was deleted from the Active …	DNS Server
4006	The DNS server could not load the records for the DNS name %1 found in the …	DNS Server
4007		DNS Server
4010	The DNS server was unable to create a resource record for %1 in zone %2.	DNS Server
4011	The DNS server was unable to add or write an update of domain name %1 in zone %2 …	DNS Server
4012	The DNS server timed out attempting to write resource records to the Active …	DNS Server
4013		DNS Server
4014	The DNS server was unable to initialize Active Directory security interfaces.	DNS Server
4015		DNS Server
4016	The DNS server timed out attempting an Active Directory service operation on %1.	DNS Server
4017	The DNS server was unable to load or create the DnsAdmins group.	DNS Server
4018	The DNS server was unable to begin background loading of Active …	DNS Server
4019	The DNS server attempted to load the Active Directory-integrated zone %1 in the …	DNS Server
4020	The DNS server is now starting to load zone %1 in the background.	DNS Server
4021	The DNS server has completed background loading of zone %1.	DNS Server
4400	The DNS server is experiencing high SOA query load.	DNS Server
4401	The DNS server is experiencing high SOA query load.	DNS Server
4500		DNS Server
4501	The DNS Application Directory Partition %1 was deleted.	DNS Server
4502	The DNS added the local Active Directory to the replication scope of Application …	DNS Server
4503	The DNS removed the local Active Directory from the replication scope of …	DNS Server
4510	The DNS server was unable to connect to the domain naming FSMO %1.	DNS Server
4511	The zone %1 was not successfully saved to the new directory partition as %2 due …	DNS Server
4512	The DNS server was unable to create the built-in directory partition %1.	DNS Server
4513	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
4514	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
4515	The zone %1 was previously loaded from the directory partition %2 but another …	DNS Server
4520	The DNS server encountered error %1 building the zone list from Active …	DNS Server
4521	The DNS server encountered error %1 attempting to load zone %2 from Active …	DNS Server
4522	The DNS server has deleted all records for a corrupt DNS node from Active …	DNS Server
4523	The DNS server has detected that the application directory partition %1 is …	DNS Server
4524	DNS Server Autoconfiguration	DNS Server
5051	The DNS server is using a large amount of memory.	DNS Server
5105	The DNS server attempted to cache an CNAME (alias) resource record for the …	DNS Server
5106	The DNS server attempted to cache an CNAME (alias) resource record (RR) for a …	DNS Server
5107	The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).	DNS Server
5108	The DNS server created an CNAME (alias) loop loading CNAME at %1.	DNS Server
5500	The DNS server received a bad DNS query from %1.	DNS Server
5501	The DNS server encountered a bad packet from %1.	DNS Server
5502	The DNS server received a bad TCP-based DNS message from %1.	DNS Server
5504	The DNS server encountered an invalid domain name in a packet from %1.	DNS Server
5505	The DNS server encountered a domain name exceeding the maximum length in the …	DNS Server
5506	The DNS server encountered an invalid domain name offset in a packet from %1.	DNS Server
5507	The DNS server encountered a name offset exceeding the packet length from %1.	DNS Server
5508	The DNS server encountered a packet name exceeding the maximum label count from …	DNS Server
5509	The DNS server encountered an invalid DNS update message from %1.	DNS Server
5510	The DNS server encountered an invalid response message from %1.	DNS Server
5511	The DNS server encountered a name with a label whose length exceeds the maximum …	DNS Server
6000	The DNS server started transfer of version %1 of zone %2 to the DNS server at …	DNS Server
6001	The DNS server successfully completed transfer of version %1 of zone %2 to the …	DNS Server
6002	The transfer of version %1 of zone %2 by the DNS server was aborted by the …	DNS Server
6003	The DNS server received a request from %1 for a UDP-based transfer of the entire …	DNS Server
6004		DNS Server
6520	Zone %1 was updated to version %2 of the zone as provided from the master server …	DNS Server
6521	Zone %1 is synchronized with version %2 of the zone as provided from the master …	DNS Server
6522	A more recent version, version %1 of zone %2 was found at the DNS server at %3.	DNS Server
6523	Zone %1 failed zone refresh check.	DNS Server
6524	Invalid response from master DNS server at %2 during attempted zone transfer of …	DNS Server
6525	A zone transfer request for the secondary zone %1 was refused by the master DNS …	DNS Server
6526	Zone %1 version %2 is newer than version %3 on DNS server at %4.	DNS Server
6527	Zone %1 expired before it could obtain a successful zone transfer or update from …	DNS Server
6528	The scope %1 of zone %2 expired before it could obtain a successful zone …	DNS Server
6529	The operation for zone %1 is not complete.	DNS Server
6530	During transfer of zone %1 from master at %2, the DNS server received a resource …	DNS Server
6531	During transfer of zone %1 from master at %2, the DNS server received a CNAME …	DNS Server
6532	During transfer of zone %1 from master at %2, the DNS server received a CNAME …	DNS Server
6533	The DNS server could not create a zone transfer thread.	DNS Server
6534	Failed transfer of zone %1 from DNS server at %2.	DNS Server
6535	The master DNS server at %2 responded to IXFR (Incremental Zone Transfer) …	DNS Server
6536	Invalid IXFR (Incremental Zone Transfer) response from master DNS server at %2 …	DNS Server
7050	The DNS server recv() function failed.	DNS Server
7051	The DNS server recvfrom() function failed.	DNS Server
7052	The DNS server send() function failed.	DNS Server
7053	The DNS server sendto() function failed.	DNS Server
7054	The DNS server select() function failed.	DNS Server
7055	The DNS server accept() function failed.	DNS Server
7056	The DNS server GetQueuedCompletionStatus() function failed.	DNS Server
7060	The DNS server could not connect to DNS server at %1.	DNS Server
7062	The DNS server encountered a packet addressed to itself on IP address %1.	DNS Server
7500	The DNS server failed to process a packet from %1.	DNS Server
7502	The DNS server was unable to service a client request due a shortage of …	DNS Server
7503	The DNS server could not allocate memory for resource record %1.	DNS Server
7504	DNS Server WINS NetBIOS Initialization	DNS Server
7600	The global query block list is a feature that prevents attacks on your network …	DNS Server
7616	The TrustAnchors zone could not be loaded.	DNS Server
7632	The DNSSEC trust point %1 is available for DNSSEC validation.	DNS Server
7633	The DNSSEC trust point %1 is available for DNSSEC validation.	DNS Server
7634	The DNSSEC trust point %1 is not available for DNSSEC validation, because a …	DNS Server
7635	The DNSSEC trust point %1 will be deleted after %2 because it has no valid trust …	DNS Server
7636	The DNSSEC trust point %1 has been deleted because it has no valid or revoked …	DNS Server
7637	The DS record with the key tag %2 at the trust point %1 will be replaced with a …	DNS Server
7638	The DNSKEY with the key tag %2 at the trust point %1 is now a valid trust anchor …	DNS Server
7639	The trust anchor with the key tag %2 at the trust point %1 has been removed from …	DNS Server
7640	The DNSKEY with the key tag %2 at the trust point %1 has been marked as revoked …	DNS Server
7641	The DNSKEY with the key tag %2 at the trust point %1 will become a trust anchor …	DNS Server
7642	The DS record with the key tag %2 at the trust point %1 does not correspond to a …	DNS Server
7643	The %3 with the key tag %2 at the trust point %1 has been deleted.	DNS Server
7644	The active refresh query for the DNSKEY records at the trust point %1 has failed …	DNS Server
7645	The active refresh query for the DNSKEY records at the trust point %1 has …	DNS Server
7646	The zone %1 is now signed with DNSSEC.	DNS Server
7647	The zone %1 is no longer signed with DNSSEC.	DNS Server
7648	The DNS server has detected that it is no longer the Key Master for zone %1.	DNS Server
7649	The DNS server has successfully assumed Key Master responsibilities for zone %1.	DNS Server
7650	The DNS server has started signing the zone %1.	DNS Server
7652	The DNS server encountered an error while signing the zone %1.	DNS Server
7653	The DNS server has detected that zone signing parameters for zone %1 have been …	DNS Server
7654	The DNS server was unable to sign zone data changed by dynamic update at node %1 …	DNS Server
7655	The DNS server was unable to sign zone data changed by a scavenging update to …	DNS Server
7656	The DNS server was unable to sign zone changes replicated from another domain …	DNS Server
7657	The DNS server was unable to refresh signatures at node %1 in zone %2.	DNS Server
7658	The DNS server was unable to complete re-signing of the zone %1.	DNS Server
7659	The DNS server was unable to sign new DS records from the child zone at node %1 …	DNS Server
7660	The DNS server was unable to validate new DS records from the child zone at node …	DNS Server
7661	The DNS server was unable to sign an administrative update at node %1 in zone …	DNS Server
7662	The DNS server will not be able to automatically refresh the DS record set at …	DNS Server
7663	The DNS server was unable to sign the zone %1 because it encountered an invalid …	DNS Server
7664	The DNS server was unable to sign the zone %1 because it encountered an invalid …	DNS Server
7665	The DNS server was unable to sign the zone %1 because it was unable to access …	DNS Server
7666	The DNS server encountered an error signing zone %1 during load.	DNS Server
7667	Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in less …	DNS Server
7668	Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in %3 …	DNS Server
7669	Keys for the Signing Key Descriptor %1 in zone %2 are starting the rollover …	DNS Server
7670	The rollover process for Signing Key Descriptor %1 in zone %2 is complete.	DNS Server
7671	There was an error rolling keys for Signing Key Descriptor %1 in zone %2.	DNS Server
7672	There was an error rolling keys for Signing Key Descriptor %1 in zone %2.	DNS Server
7673	Retired Signing Key Descriptor %1 in zone %2 has been removed.	DNS Server
7674	Zone %1 has been transferred to one or more secondary DNS servers.	DNS Server
7675	The DNS server has started signing the scope %1 of zone %2.	DNS Server
7676	The scope %1 of zone %2 is signed with DNSSEC.	DNS Server
7677	The DNS server encountered an error while signing the scope %1 of zone %2.	DNS Server
7678	The scope %1 of zone %2 is no longer signed with DNSSEC.	DNS Server
7679	The DNS server encountered an error while unsigning the scope %1 of zone %2.	DNS Server
7680	Failed to load scopes of zone %1.	DNS Server
7681	Failed to load scope %1 of zone %2.	DNS Server
7682	Failed to load scope %1 of zone %2.	DNS Server
7683	Failed to write data of scope %1 of zone %2 into file %3.	DNS Server
7684	The cache scope %1 was flushed.	DNS Server
7685	A scope %1 has been added to server %2.	DNS Server
7686	A scope %1 has been deleted from server %2.	DNS Server
7687	Failed to load scope %1 of server %2.	DNS Server
7688	The size of the cache on DNS server is approaching its configured limit of %1 …	DNS Server
7689	The size of the cache on DNS server is approaching its configured limit of %1 …	DNS Server
7690	The size of the cache on DNS server has been brought within its configured limit …	DNS Server
7691	DNS service started with less privileges as KDC is unavailable at the moment.	DNS Server
7692	The EDNS option code %1 for scope transaction during zone transfer is invalid.	DNS Server
7693		DNS Server
7694	The DNS server encountered an error %1 while signing the zone %2.	DNS Server
1073741826	The DNS server has started.	DNS Server
1073741827	The DNS server has shut down.	DNS Server
1073741828	The DNS server has finished the background loading of zones.	DNS Server
1073742532	The DNS server did not detect any zones of either primary or secondary type …	DNS Server
1073742533	The DNS server has moved the AD-integrated root hint data for all DNS servers in …	DNS Server
1073742534	An administrator has changed the type and zone storage options of zone {param1}.	DNS Server
1073742535	An administrator has changed the type and/or Active Directory location of zone …	DNS Server
1073742536	An administrator has changed the zone storage options for zone {param1}.	DNS Server
1073742537	An administrator has moved the zone {param1} to a new location in Active …	DNS Server
1073742624	The zone {param1} is configured to accept updates but the A record for the …	DNS Server
1073743826	The DNS server has written a new version of the boot file.	DNS Server
1073743829	The DNS server has been reconfigured to boot from a boot file.	DNS Server
1073744325	The DNS server has completed a scavenging cycle: Visited Zones = {param1}; …	DNS Server
1073744326	The DNS server has completed a scavenging cycle but no nodes were visited.	DNS Server
1073744455	The DNS server successfully autoconfigured: {param1} {param2} {param3} {param4}.	DNS Server
1073744974	The DNS server wrote version {param1} of zone {param2} to file {param3}.	DNS Server
1073745829	The DNS server received indication that zone {param1} was deleted from the …	DNS Server
1073745844	The DNS server is now starting to load zone {param1} in the background.	DNS Server
1073745845	The DNS server has completed background loading of zone {param1}.	DNS Server
1073746324	The DNS Application Directory Partition {param1} was created.	DNS Server
1073746325	The DNS Application Directory Partition {param1} was deleted.	DNS Server
1073746326	The DNS added the local Active Directory to the replication scope of Application …	DNS Server
1073746327	The DNS removed the local Active Directory from the replication scope of …	DNS Server
1073746337	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
1073746338	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
1073746347	The DNS server has detected that the application directory partition {param1} is …	DNS Server
1073746348	The DNS server has detected that the application directory partition {param1} …	DNS Server
1073747324	The DNS server received a bad DNS query from {param1}.	DNS Server
1073747325	The DNS server encountered a bad packet from {param1}.	DNS Server
1073747326	The DNS server received a bad TCP-based DNS message from {param1}.	DNS Server
1073747328	The DNS server encountered an invalid domain name in a packet from {param1}.	DNS Server
1073747329	The DNS server encountered a domain name exceeding the maximum length in the …	DNS Server
1073747330	The DNS server encountered an invalid domain name offset in a packet from …	DNS Server
1073747331	The DNS server encountered a name offset exceeding the packet length from …	DNS Server
1073747332	The DNS server encountered a packet name exceeding the maximum label count from …	DNS Server
1073747333	The DNS server encountered an invalid DNS update message from {param1}.	DNS Server
1073747334	The DNS server encountered an invalid response message from {param1}.	DNS Server
1073747335	The DNS server encountered a name with a label whose length exceeds the maximum …	DNS Server
1073747824	The DNS server started transfer of version {param1} of zone {param2} to the DNS …	DNS Server
1073747825	The DNS server successfully completed transfer of version {param1} of zone …	DNS Server
1073747826	The transfer of version {param1} of zone {param2} by the DNS server was aborted …	DNS Server
1073748344	Zone {param1} was updated to version {param2} of the zone as provided from the …	DNS Server
1073748345	Zone {param1} is synchronized with version {param2} of the zone as provided from …	DNS Server
1073748346	A more recent version; version {param1} of zone {param2} was found at the DNS …	DNS Server
2147484057	The DNS server list of restricted interfaces contains IP addresses that are not …	DNS Server
2147484059	The DNS server has bound one or more socket pool sockets to port numbers from …	DNS Server
2147484062	The DNS server computer currently does not have a DNS domain name.	DNS Server
2147484354	The DNS server does not have a cache or other database entry for root name …	DNS Server
2147484850	The DNS server encountered an unsupported 'directory' directive in the server …	DNS Server
2147485168	The DNS server encountered the unknown directive '.	DNS Server
2147485169	The DNS server encountered the unsupported directive '.	DNS Server
2147485170	The DNS server encountered the obsolete directive '.	DNS Server
2147485171	The DNS server encountered the directive '.	DNS Server
2147485173	DNSSEC signatures with key tag {param1}; associated with records in zone …	DNS Server
2147485249	DNS server encountered the obsolete record type {param1} in database file …	DNS Server
2147486278	The DNS server could not configure the network connections of this computer with …	DNS Server
2147487661	The DNS server is waiting for Active Directory Domain Services (AD DS) to signal …	DNS Server
2147487665	The DNS server was unable to load or create the DnsAdmins group.	DNS Server
2147487666	The DNS server was unable to begin background loading of Active …	DNS Server
2147487667	The DNS server attempted to load the Active Directory-integrated zone {param1} …	DNS Server
2147488048	The DNS server is experiencing high SOA query load.	DNS Server
2147488158	The DNS server was unable to connect to the domain naming FSMO {param1}.	DNS Server
2147488160	The DNS server was unable to create the built-in directory partition {param1}.	DNS Server
2147488163	The zone {param1} was previously loaded from the directory partition {param2} …	DNS Server
2147488168	The DNS server encountered error {param1} building the zone list from Active …	DNS Server
2147488169	The DNS server encountered error {param1} attempting to load zone {param2} from …	DNS Server
2147488170	The DNS server has deleted all records for a corrupt DNS node from Active …	DNS Server
2147488699	The DNS server is using a large amount of memory.	DNS Server
2147489651	The DNS server received a request from {param1} for a UDP-based transfer of the …	DNS Server
2147489652	The DNS server received a zone transfer request from {param1} for a non-existent …	DNS Server
2147490171	Zone {param1} failed zone refresh check.	DNS Server
2147490174	Zone {param1} version {param2} is newer than version {param3} on DNS server at …	DNS Server
2147490183	The master DNS server at {param2} responded to IXFR (Incremental Zone Transfer) …	DNS Server
2147490708	The DNS server could not connect to DNS server at {param1}.	DNS Server
2147490710	The DNS server encountered a packet addressed to itself on IP address {param1}.	DNS Server
2147491148	The DNS server failed to process a packet from {param1}.	DNS Server
2147491248	The global query block list is a feature that prevents attacks on your network …	DNS Server
2147491264	The TrustAnchors zone could not be loaded:{param1}.	DNS Server
3221225482	The DNS server could not start because it is dependent on the NTDS service which …	DNS Server
3221225583	The DNS server could not create a thread.	DNS Server
3221225603	The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse …	DNS Server
3221225612	The DNS server could not initialize the remote procedure call (RPC) service.	DNS Server
3221225622	The DNS server could not load or initialize the plug-in DLL {param1}.	DNS Server
3221225875	The DNS server could not create a Transmission Control Protocol (TCP) socket.	DNS Server
3221225876	The DNS server could not bind a Transmission Control Protocol (TCP) socket to …	DNS Server
3221225877	The DNS server could not listen on Transmission Control Protocol (TCP) socket …	DNS Server
3221225878	The DNS server could not create a User Datagram Protocol (UDP) socket.	DNS Server
3221225879	The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}.	DNS Server
3221225880	The DNS server could not open socket for address {param1}.	DNS Server
3221225882	The DNS server list of restricted interfaces does not contain a valid IP address …	DNS Server
3221225972	The DNS server has detected that the zone {param1} has invalid or corrupted …	DNS Server
3221225973	The DNS server has detected that the zone {param1} has a missing or corrupted …	DNS Server
3221225974	The DNS server has detected that for the primary zone {param1} its has no zone …	DNS Server
3221225975	The DNS server has detected that the secondary zone {param1} has no master IP …	DNS Server
3221225976	The DNS server could not create zone {param1} from registry data.	DNS Server
3221225977	The DNS server zone {param1} has invalid or corrupted registry data for …	DNS Server
3221225978	The DNS server has invalid or corrupted registry parameter {param1}.	DNS Server
3221225979	The DNS server encountered invalid or corrupted forwarder parameters in registry …	DNS Server
3221226179	The DNS server is not root authoritative and no root hints were specified in the …	DNS Server
3221226472	The DNS server could not open the file {param1}.	DNS Server
3221226473	The DNS server could not map file {param1} to memory.	DNS Server
3221226475	The DNS server could not find or open the root hints file; Cache.	DNS Server
3221226476	The DNS server could not find or open zone file {param1}.	DNS Server
3221226480	The DNS server was unable to create the path for file {param1} in directory …	DNS Server
3221226672	The DNS server could not find or open boot file {param1}.	DNS Server
3221226673	The DNS server could not create zone {param1} specified in file {param2} at line …	DNS Server
3221226675	The DNS server encountered a 'forwarders' directive in with no forwarding …	DNS Server
3221226677	The DNS server encountered an unknown boot option {param1} in file {param2} at …	DNS Server
3221226678	DNS server encountered missing database directory name; in file {param1}; line …	DNS Server
3221226973	The DNS server could not parse zone file {param1} for zone {param2}.	DNS Server
3221226974	The DNS server could not parse the token '.	DNS Server
3221226975	The DNS server could not parse the zone file {param1} at line {param2}.	DNS Server
3221226976	The DNS server could not parse an unexpected token '.	DNS Server
3221226977	The DNS server unexpected end of line; in zone file {param1} at line {param2}.	DNS Server
3221226978	The DNS server encountered invalid token '.	DNS Server
3221226979	The DNS server encountered invalid class token '.	DNS Server
3221226980	The DNS server is ignoring an invalid resource record in zone file {param1} at …	DNS Server
3221226996	DNSSEC signatures with key tag {param1}; associated with records in zone …	DNS Server
3221227012	The DNS server unable to create domain node.	DNS Server
3221227013	The DNS server encountered invalid domain name '.	DNS Server
3221227014	The DNS server encountered invalid domain name '.	DNS Server
3221227015	The DNS server encountered domain name '.	DNS Server
3221227016	The DNS server encountered an invalid '@' token '.	DNS Server
3221227017	The DNS server encountered a name outside of the specified zone in zone file …	DNS Server
3221227018	The DNS server encountered an invalid name server (NS) resource record in zone …	DNS Server
3221227019	The DNS server encountered an invalid host (A) resource record in zone file …	DNS Server
3221227072	The DNS server encountered an unknown or unsupported resource record (RR) type …	DNS Server
3221227074	The DNS server encountered an invalid SOA (Start Of Authority) resource record …	DNS Server
3221227082	The DNS server encountered a resource record (RR) in the zone file {param1} at …	DNS Server
3221227083	The DNS server encountered a CNAME (alias) resource record (RR) in zone file …	DNS Server
3221227084	The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in …	DNS Server
3221227085	The DNS server encountered an invalid preference value '.	DNS Server
3221227086	The DNS server encountered a token '.	DNS Server
3221227088	The DNS server encountered a text string '.	DNS Server
3221227089	The DNS server encountered an invalid IP address '.	DNS Server
3221227090	The DNS server encountered an invalid IPv6 address '.	DNS Server
3221227091	The DNS server could not find protocol '.	DNS Server
3221227092	The DNS server could not find the service '.	DNS Server
3221227093	The DNS server encountered the port '.	DNS Server
3221227122	The DNS server encountered invalid WINS record in file {param1}; line {param2}.	DNS Server
3221227123	The DNS server encountered an invalid WINS reverse lookup (WINSR) resource …	DNS Server
3221227126	The DNS server encountered an unknown WINS-to-DNS mapping flag {param1} in file …	DNS Server
3221227128	The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) …	DNS Server
3221227475	The DNS server encountered an error writing current configuration back to boot …	DNS Server
3221227672	The DNS server could not open a registry key.	DNS Server
3221227674	The DNS server could not write a registry key.	DNS Server
3221227675	The DNS server could not delete a registry key.	DNS Server
3221227676	The registry value …	DNS Server
3221228623	The DNS server unable to write zone file {param1} for zone {param2}.	DNS Server
3221228624	The DNS server was unable to open file {param1} for write.	DNS Server
3221228625	The DNS server encountered an error writing to file.	DNS Server
3221228632	The DNS server encountered an non-writeable or unknown resource record (RR) type …	DNS Server
3221228634	The DNS server encountered an unknown protocol writing a well known service …	DNS Server
3221228635	While writing a well known service (WKS) record to the zone file; the DNS server …	DNS Server
3221229472	The DNS server was unable to open Active Directory.	DNS Server
3221229473	The DNS server was unable to open zone {param1} in the Active Directory.	DNS Server
3221229474	The DNS server was unable to add zone {param1} to the Active Directory.	DNS Server
3221229475	The DNS server was unable to delete zone {param1} in the Active Directory.	DNS Server
3221229476	The DNS server was unable to complete directory service enumeration of zone …	DNS Server
3221229478	The DNS server could not load the records for the DNS name {param1} found in the …	DNS Server
3221229479	The DNS server was unable to open zone {param1} in the Active Directory from the …	DNS Server
3221229482	The DNS server was unable to create a resource record for {param1} in zone …	DNS Server
3221229483	The DNS server was unable to add or write an update of domain name {param1} in …	DNS Server
3221229484	The DNS server timed out attempting to write resource records to the Active …	DNS Server
3221229486	The DNS server was unable to initialize Active Directory security interfaces.	DNS Server
3221229487	The DNS server has encountered a critical error from the Active Directory.	DNS Server
3221229488	The DNS server timed out attempting an Active Directory service operation on …	DNS Server
3221229983	The zone {param1} was not successfully saved to the new directory partition as …	DNS Server
3221230577	The DNS server attempted to cache an CNAME (alias) resource record for the …	DNS Server
3221230578	The DNS server attempted to cache an CNAME (alias) resource record (RR) for a …	DNS Server
3221230579	The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).	DNS Server
3221230580	The DNS server created an CNAME (alias) loop loading CNAME at {param1}.	DNS Server
3221231996	Invalid response from master DNS server at {param2} during attempted zone …	DNS Server
3221231997	A zone transfer request for the secondary zone {param1} was refused by the …	DNS Server
3221231999	Zone {param1} expired before it could obtain a successful zone transfer or …	DNS Server
3221232002	During transfer of zone {param1} from master at {param2}; the DNS server …	DNS Server
3221232003	During transfer of zone {param1} from master at {param2}; the DNS server …	DNS Server
3221232004	During transfer of zone {param1} from master at {param2}; the DNS server …	DNS Server
3221232005	The DNS server could not create a zone transfer thread.	DNS Server
3221232006	Failed transfer of zone {param1} from DNS server at {param2}.	DNS Server
3221232008	Invalid IXFR (Incremental Zone Transfer) response from master DNS server at …	DNS Server
3221232174	DNS server has updated its own host (A) records.	DNS Server
3221232522	The DNS server recv() function failed.	DNS Server
3221232523	The DNS server recvfrom() function failed.	DNS Server
3221232524	The DNS server send() function failed.	DNS Server
3221232525	The DNS server sendto() function failed.	DNS Server
3221232526	The DNS server select() function failed.	DNS Server
3221232527	The DNS server accept() function failed.	DNS Server
3221232528	The DNS server GetQueuedCompletionStatus() function failed.	DNS Server
3221232974	The DNS server was unable to service a client request due a shortage of …	DNS Server
3221232975	The DNS server could not allocate memory for resource record {param1}.	DNS Server
3221232976	The DNS server could not allocate memory for the node of domain name {param1}.	DNS Server

Event ID 2 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server has started.

Fields

Name	Description
`Name`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 2
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854779904
  time_created: '2022-04-07T16:56:30.613142+00:00'
  event_record_id: 30
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 2848
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_STARTUP_OK
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server has shut down.

Fields

Name	Description
`Name`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 3
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854779904
  time_created: '2022-04-07T08:38:25.939614+00:00'
  event_record_id: 22
  correlation: {}
  execution:
    process_id: 2780
    thread_id: 2212
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_SHUTDOWN
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server has finished the background loading and signing of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.

Fields

Name	Description
`Name`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 4
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775824
  time_created: '2022-04-07T08:31:21.436717+00:00'
  event_record_id: 21
  correlation: {}
  execution:
    process_id: 2780
    thread_id: 4540
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_ZONE_LOAD_COMPLETE
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 10 — The DNS server could not start because it is dependent on the NTDS service which is not started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not start because it is dependent on the NTDS service which is not started.

Event ID 11 — The DNS server could not register dependency on %1 service.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not register dependency on %1 service.

Fields

Name	Description
`serviceName`	—
`__binLength`	—
`binary`	—

Event ID 111 — The DNS server could not create a thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a thread.  System may be out of resources. You might close applications not in use, restart the DNS server or reboot your computer.  The event data is the error code.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 131 — DNS Server Zone Transfer

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse lookup zones.  The server will continue to run but will not attempt to perform WINS reverse lookups.  This may be due to an incorrect configuration.  If WINSR lookups are not required, remove WINSR records from zone data files and reload modified zones or restart the DNS server.  If the DNS server should support WINSR reverse lookup, restart the server computer and verify that the WINS/NetBT configuration for TCP/IP client properties on the computer are correctly set.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 140 — DNS Server Service Status

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 150 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server could not load or initialize the plug-in DLL %1. The event data is the error code returned by the plug-in DLL load or initialization attempt. Please correct the plug-in error that is causing this condition or remove the plug-in from the DNS server configuration.

Fields

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 150
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036854808576
  time_created: '2021-05-18T21:23:27.038306+00:00'
  event_record_id: 11659
  correlation: {}
  execution:
    process_id: 3880
    thread_id: 444
  channel: DNS Server
  computer: rootdc1.offsec.lan
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_PLUGIN_INIT_FAILED
  Data:
    Name: param1
    Value: .\mimilib.dll
  Binary: fgAAAA==
message: ''

Sigma Rules

DNS Server Error Failed Loading the ServerLevelPluginDLL
Detects a DNS server error in which a specified plugin DLL (in registry) could not be loaded

References

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 403 — The DNS server could not create a Transmission Control Protocol (TCP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. The event data is the error code.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 404 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server could not bind a Transmission Control Protocol (TCP) socket to address %1. The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. 
Restart the DNS server or reboot the computer.

Fields

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 404
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036855824384
  time_created: '2022-04-07T16:59:58.007502+00:00'
  event_record_id: 34
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 4240
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_CANNOT_BIND_TCP_SOCKET
  Data:
    Name: param1
    Value: 169.254.142.31
  Binary: QScAAA==
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 405 — The DNS server could not listen on Transmission Control Protocol (TCP) socket for address %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not listen on Transmission Control Protocol (TCP) socket for address %1. The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. 
Restart the DNS server or reboot the computer.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 406 — The DNS server could not create a User Datagram Protocol (UDP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a User Datagram Protocol (UDP) socket. The event data is the error code. Restart the DNS server or reboot your computer.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 407 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server could not bind a User Datagram Protocol (UDP) socket to %1. The event data is the error code. Restart the DNS server or reboot your computer.

Fields

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 407
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036855824384
  time_created: '2022-04-07T16:59:58.007280+00:00'
  event_record_id: 32
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 4240
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_CANNOT_BIND_UDP_SOCKET
  Data:
    Name: param1
    Value: 169.254.142.31
  Binary: QScAAA==
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 408 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server could not open socket for address %1. 
Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.) 
 
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port. 
 
For more information, see "DNS server log reference" in the online Help.

Fields

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 408
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036855824384
  time_created: '2022-04-07T16:59:58.007504+00:00'
  event_record_id: 35
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 4240
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_OPEN_SOCKET_FOR_ADDRESS
  Data:
    Name: param1
    Value: 169.254.142.31
  Binary: ''
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 409 — The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer. 
 
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on.  For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 410 — The DNS server list of restricted interfaces does not contain a valid IP address for the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server list of restricted interfaces does not contain a valid IP address for the server computer. The DNS server will use all IP interfaces on the machine. 
 
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on.  For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 411 — The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range %1.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 414 — The DNS server computer currently does not have a DNS domain name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server computer currently does not have a DNS domain name.  Its DNS name is a single-label host name with no domain (for example:  "host" rather than "host.microsoft.com"). 
 
You might have forgotten to configure a primary DNS domain for the server computer. 
 
Because the DNS server has only a single-label name, all zones created will have default records (SOA and NS) created using only this single-label name for the server's host name.  This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name. 
 
To correct this problem: 
  1) Click Start, and then click Control Panel.
  2) Open System and Maintenance , and then open System. 
  3) Click Change Settings, and then click Change.  4) Click either Domain or Workgroup, and then type the name of the domain or  workgroup you want the computer to join; the domain or workgroup name will be used as your DNS domain name. 
  5) When prompted, restart the computer.
 
After the computer restarts, the DNS server will attempt to fix up default records, substituting the new DNS name of this server for the old single-label name.  However, you should review the zone's SOA and NS records to ensure that they now use the correct domain name of this server.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 500 — The DNS server has detected that the zone %1 has invalid or corrupted registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the zone %1 has invalid or corrupted registry data.  To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the registry. You can then recreate the zone using the DNS console.  For more information, see "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 501 — The DNS server has detected that the zone %1 has a missing or corrupted zone type in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the zone %1 has a missing or corrupted zone type in registry data.  To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the registry.   You can then recreate the zone using the DNS console.  For more information, see "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 502 — The DNS server has detected that for the primary zone %1 its has no zone file name stored in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that for the primary zone %1 its has no zone file name stored in registry data.  You can either update the zone file name or delete the zone and recreate it using the DNS console.  To delete the applicable zone from the registry, locate its subkey under DNS server parameters in the registry.  You can then recreate the zone using the DNS console.  For more information, see "To change a zone file name", "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 503 — The DNS server has detected that the secondary zone %1 has no master IP addresses in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the secondary zone %1 has no master IP addresses in registry data.  Secondary zones require at least one master server to act as a source.  You can add or update the IP address for the master server for this zone using the DNS console.  For more information, see "To update the master server for a secondary zone" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 504 — The DNS server could not create zone %1 from registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create zone %1 from registry data.  One or more of the zone registry key values could be corrupted or the zone file is missing. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information, see "Configure zone properties" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 505 — The DNS server zone %1 has invalid or corrupted registry data for %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server zone %1 has invalid or corrupted registry data for %2. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information, see the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 506 — The DNS server has invalid or corrupted registry parameter %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has invalid or corrupted registry parameter %1.  To correct the problem, you can delete the applicable registry value, located under DNS server parameters in the registry.  You can then recreate it using the DNS console.  For more information, see the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 507 — The DNS server encountered invalid or corrupted forwarder parameters in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid or corrupted forwarder parameters in registry data. 
 
To fix the forwarders: 
	 - connect to or open this server in DNS Manager 
	 - bring up server properties 
	 - open "Forwarders" tab 
	 - reset forwarders information to desired values 
	 - click OK 
 
For more information, see the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 706 — The DNS server does not have a cache or other database entry for root name servers.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server does not have a cache or other database entry for root name servers. 
Either the root hints file, cache.dns, or Active Directory must have at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise, the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem, use the DNS console to update the server root hints.  For more information, see the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 707 — The DNS server is not root authoritative and no root hints were specified in the cache.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is not root authoritative and no root hints were specified in the cache.dns file. 
Where the server is not a root server, this file must specify root hints in the form of at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise, the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem, use the DNS console to update the server root hints.  For more information, see the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 708 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication. For more information, see the online Help.

Fields

Name	Description
`Name`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 708
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854779904
  time_created: '2022-04-07T16:56:30.583997+00:00'
  event_record_id: 29
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 2848
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_CACHING_SERVER_ONLY
  Binary: ''
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 709 — The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the %1 directory partition.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the %1 directory partition.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 710 — An administrator has changed the type and zone storage options of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has changed the type and zone storage options of zone %1. The zone is now type %2. The zone will be stored in the zone file %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 711 — An administrator has changed the type and/or Active Directory location of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has changed the type and/or Active Directory location of zone %1. The zone is now type %2. The zone will be stored in Active Directory at %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 712 — An administrator has changed the zone storage options for zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has changed the zone storage options for zone %1. The zone will now be stored in the zone file %2. [virtualization instance: %3].

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 713 — An administrator has moved the zone %1 to a new location in Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has moved the zone %1 to a new location in Active Directory. The zone will be stored in Active Directory at %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 768 — The DNS server has loaded the scope %1 of zone %2 from file %3 on server %4.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has loaded the scope %1 of zone %2 from file %3 on server %4. [virtualization instance: %5].

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—
`VirtualizationID`	—

Event ID 769 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server has loaded the zone %1 from file %2 on server %3. [virtualization instance: %4].

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`VirtualizationID`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 769
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775824
  time_created: '2022-04-07T08:31:20.801344+00:00'
  event_record_id: 19
  correlation: {}
  execution:
    process_id: 2780
    thread_id: 2212
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  param1: sigma.fr
  param2: 'NULL'
  param3: WIN-FPV0DSIC9O6.sigma.fr
  VirtualizationID: .
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 770 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

A DNS server plugin DLL has been loaded from location %1 on server %2.

Fields

Name	Description
`param1`	—
`param2`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 770
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854808576
  time_created: '2021-05-18T21:33:49.548066+00:00'
  event_record_id: 11684
  correlation: {}
  execution:
    process_id: 180
    thread_id: 4116
  channel: DNS Server
  computer: rootdc1.offsec.lan
  security:
    user_id: S-1-5-18
event_data:
  param1: C:\TOOLS\Mimikatz-fev-2020\mimilib.dll
  param2: rootdc1.offsec.lan
message: ''

Sigma Rules

DNS Server Error Failed Loading the ServerLevelPluginDLL
Detects a DNS server error in which a specified plugin DLL (in registry) could not be loaded

References

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 771 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The V1 plugin interface has been implemented in server level plugin DLL.

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 771
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854808576
  time_created: '2021-05-18T21:33:49.548062+00:00'
  event_record_id: 11683
  correlation: {}
  execution:
    process_id: 180
    thread_id: 4116
  channel: DNS Server
  computer: rootdc1.offsec.lan
  security:
    user_id: S-1-5-18
event_data: {}
message: ''

Sigma Rules

DNS Server Error Failed Loading the ServerLevelPluginDLL
Detects a DNS server error in which a specified plugin DLL (in registry) could not be loaded

References

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 772 — The V2 plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The V2 plugin interface has been implemented in server level plugin DLL.

Event ID 773 — The V3 plugin interface to select scopes of a zone has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The V3 plugin interface to select scopes of a zone has been implemented in server level plugin DLL.

Event ID 774 — The RecursionScope plugin interface to select scope of the DNS server has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The RecursionScope plugin interface to select scope of the DNS server has been implemented in server level plugin DLL.

Event ID 775 — The CacheScope plugin interface to select scope of the DNS cache has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The CacheScope plugin interface to select scope of the DNS cache has been implemented in server level plugin DLL.

Event ID 776 — The DNS server has started to unsign the zone %1 on server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has started to unsign the zone %1 on server %2.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 777 — The DNS server encountered an error while unsigning the zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error while unsigning the zone %1. The error code encountered during unsigning was %2.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 784 — The key signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The key signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 785 — The zone signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 786 — The DNS server is being started in authoritative-cache mode %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is being started in authoritative-cache mode %1. In this mode the records will be kept in cache for as long as %2 minutes and the responses from cache will be sent with same authority as that of the original response that led to their caching on this server.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 787 — Negative caching has been disabled on the server %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Negative caching has been disabled on the server %1.

Fields

Name	Description
`param1`	—

Event ID 788 — The DNS server has loaded the scope %1 of server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has loaded the scope %1 of server %2.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 789 — The DNS server has loaded the virtualization instance.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has loaded the virtualization instance: %1.

Fields

Name	Description
`VirtualizationID`	—

Event ID 790 — The EDNS option code %1 for scope transaction is invalid or conflicts with the configuration of another EDNS option.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The EDNS option code %1 for scope transaction is invalid or conflicts with the configuration of another EDNS option. The default value i.e. %2 will be used.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 791 — The ScopeOptionValue has been set to %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The ScopeOptionValue has been set to %1.  This option ID will be used to pass the scope information to forwarders via an OPT RR.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 792 — Failed to load server level policy %1 of server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load server level policy %1 of server %2.

Fields

Name	Description
`Policy`	—
`Server`	—

Event ID 793 — Failed to load zone level policy %1 of zone %3 on server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load zone level policy %1 of zone %3 on server %2.

Fields

Name	Description
`Policy`	—
`Server`	—
`Zone`	—

Event ID 794 — Failed to load zone level policy %1 of zone %3 on server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load zone level policy %1 of zone %3 on server %2. The scope %4 used by policy is absent on the zone. Please configure the scope and recreate the policy.

Fields

Name	Description
`Policy`	—
`Server`	—
`Zone`	—
`Scope`	—

Event ID 795 — Failed to load server level policy %1 on server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load server level policy %1 on server %2. The scope %3 used by policy is absent on the server. Please configure the scope and recreate the policy.

Fields

Name	Description
`Policy`	—
`Server`	—
`Scope`	—

Event ID 796 — Failed to load the client subnet %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load the client subnet %1.

Fields

Name	Description
`ClientSubnetRecord`	—

Event ID 797 — Failed to load a server level policy of server %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load a server level policy of server %1. An error was encountered while trying to access the registry.

Fields

Name	Description
`Server`	—

Event ID 798 — Failed to load a zone level policy of zone %2 on server %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load a zone level policy of zone %2 on server %1. An error was encountered while trying to access the registry.

Fields

Name	Description
`Server`	—
`Zone`	—

Event ID 799 — Failed to load client subnets on server %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load client subnets on server %1. An error was encountered while trying to access the registry.

Fields

Name	Description
`Server`	—

Event ID 800 — The zone %1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone %1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot  be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 801 — Failed to load Response Rate Limiting parameters on server %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load Response Rate Limiting parameters on server %1. An error was encountered while trying to access the registry.

Fields

Name	Description
`Server`	—

Event ID 802 — Failed to enable Response Rate Limiting on server %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to enable Response Rate Limiting on server %1.

Fields

Name	Description
`Server`	—

Event ID 803 — The EDNS option code %1 for the virtualization instance option is invalid or conflicts with the configuration of another EDNS option.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The EDNS option code %1 for the virtualization instance option is invalid or conflicts with the configuration of another EDNS option. The default value i.e. %2 will be used.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 804 — Failed to load virtualization instance.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load virtualization instance: %1. None of the zones in this virtualization instance will be loaded.

Fields

Name	Description
`VirtualizationID`	—

Event ID 805 — Failed to read the virtualization instance from registry.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to read the virtualization instance from registry.

Event ID 806 — The VirtualizationInstanceOptionValue has been set to %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The VirtualizationInstanceOptionValue has been set to %1. This option ID will be used to identify the virtualization instance on the DNS server.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 807 — The DNS server received indication that scope %1 of zone %2 was deleted from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received indication that scope %1 of zone %2 was deleted from the Active Directory.  Since this scope was an Active Directory integrated scope, it has been deleted from the DNS server.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 808 — The V6 plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The V6 plugin interface has been implemented in server level plugin DLL.

Event ID 809 — The EDNS option code %1 for the DNS data tag is invalid or conflicts with the configuration of another EDNS option.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The EDNS option code %1 for the DNS data tag is invalid or conflicts with the configuration of another EDNS option. The default value i.e. %2 will be used.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 817 — The DataTagOptionValue has been set to %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DataTagOptionValue has been set to %1. This option ID will be used to store and transmit an opaque 8 byte DNS data tag associated with a DNS node.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 818 — The throttle plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The throttle plugin interface has been implemented in server level plugin DLL.

Event ID 819 — The CorrelationTagOptionValue has been set to %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The CorrelationTagOptionValue has been set to %1.  This option will be included in detailed tracing query and response events.

Fields

Name	Description
`param1`	—

Event ID 820 — The logging plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The logging plugin interface has been implemented in server level plugin DLL.

Event ID 821 — The init query plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The init query plugin interface has been implemented in server level plugin DLL.

Event ID 822 — Successfully started HTTP server for DNS-over-HTTPS (DoH) server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Successfully started HTTP server for DNS-over-HTTPS (DoH) server. The DoH server is listening on following URL(s):
%1

Fields

Name	Description
`param1`	—

Event ID 823 — The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Fields

Name	Description
`param1`	—

Event ID 824 — The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Fields

Name	Description
`param1`	—

Event ID 825 — The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server and failed with error code %1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server and failed with error code %1lu.

Fields

Name	Description
`param1`	—

Event ID 826 — The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Fields

Name	Description
`param1`	—

Event ID 827 — The configuration for DNS-over-HTTPS (DoH) server are.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The configuration for DNS-over-HTTPS (DoH) server are:
%1

Fields

Name	Description
`param1`	—

Event ID 828 — The DNS-over-HTTPS (DoH) server has shut down gracefully.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS-over-HTTPS (DoH) server has shut down gracefully.

Event ID 829 — The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with error code %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with error code %1.

Fields

Name	Description
`errorCode`	—

Event ID 1000 — The DNS server could not open the file %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not open the file %1.  Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 1001 — The DNS server could not map file %1 to memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not map file %1 to memory.  Either close other applications that are not in use or reboot the computer to reclaim additional memory for the server to use.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 1003 — DNS Server RPC Protocol Initialization

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find or open the root hints file, Cache.dns, in the %SystemRoot%\System32\Dns directory.  Verify that this file is located in this directory and that it contains at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that server.  For more information, see the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 1004 — The DNS server could not find or open zone file %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find or open zone file %1.  in the %SystemRoot%\System32\Dns directory.  Verify that the zone file is located in this directory and that it contains valid data.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 1008 — The DNS server was unable to create the path for file %1 in directory %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to create the path for file %1 in directory %2. The specified path is too long.  Choose a different path.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1200 — The DNS server could not find or open boot file %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find or open boot file %1.  This file should be called 'Boot' and be located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 1201 — The DNS server could not create zone %1 specified in file %2 at line %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create zone %1 specified in file %2 at line %3.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1202 — The DNS server encountered an unsupported 'directory' directive in the server boot file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unsupported 'directory' directive in the server boot file %1 at line %2. 
All database files must be located in the "%SystemRoot%\system32\dns" directory. The directory directive is ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1203 — The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file %1 at line %2.  Although the DNS server will continue running it will not be able to forward unresolved queries to the forwarders.  To correct the problem, in the DNS console select the server in the console tree, then from the Action menu, click Properties and click the Forwarders tab.  Add IP addresses for forwarders.  For more information, see "Using forwarders" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1205 — The DNS server encountered an unknown boot option %1 in file %2 at line %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown boot option %1 in file %2 at line %3. The option is ignored.  You may want to remove it the option from the boot file which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1206 — DNS server encountered missing database directory name, in file %1, line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNS server encountered missing database directory name, in file %1, line %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1501 — The DNS server could not parse zone file %1 for zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse zone file %1 for zone %2.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1502 — The DNS server could not parse the token ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse the token "%1" in zone file %2 at line %3. Although the DNS server will continue to load, ignoring this token, it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1503 — The DNS server could not parse the zone file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse the zone file %1 at line %2.  Although the DNS server continues to load, ignoring this line, it is recommended that you either correct the line or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1504 — The DNS server could not parse an unexpected token ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse an unexpected token "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this token, it is recommended that you either correct the token or remove the resource record from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1505 — The DNS server unexpected end of line, in zone file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server unexpected end of line, in zone file %1 at line %2.  To correct the problem, fix this line in the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1506 — The DNS server encountered invalid token ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid token "%1" in zone file %2 at line %3. Although the DNS server continues to load, ignoring this token, it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1507 — The DNS server encountered invalid class token ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid class token "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct the class of the RR to use the Internet (IN) class or remove the resource record from the zone file. The DNS server supports only the Internet (IN) class in RRs.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1508 — The DNS server is ignoring an invalid resource record in zone file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is ignoring an invalid resource record in zone file %1 at line %2. 
See the previously logged event for a description of the error. 
Although the DNS server continues to load, ignoring this RR, it is recommended that you investigate the error associated with this record and either correct it or remove it from the zone file.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1520 — The DNS server encountered the unknown directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the unknown directive '%1' in file %2 at line %3. The directive was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1521 — The DNS server encountered the unsupported directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the unsupported directive '%1' in file %2 at line %3. The directive was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1522 — The DNS server encountered the obsolete directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the obsolete directive '%1' in file %2 at line %3. The directive was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1523 — The DNS server encountered the directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the directive '%1' in file %2 at line %3. The directive is not yet supported and was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1524 — DNSSEC signatures with key tag %1, associated with records in zone %2, have expired.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNSSEC signatures with key tag %1, associated with records in  zone %2, have expired.  Name resolution will fail for resolvers that require validation until new signatures are created.  To create new signatures, re-sign the zone.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1525 — DNSSEC signatures with key tag %1, associated with records in zone %2, will expire on %3 (UTC time).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNSSEC signatures with key tag %1, associated with records in zone %2, will expire on %3 (UTC time). Once the signatures expire, name resolution will fail for resolvers that require validation  until new signatures are created.  To create new signatures, re-sign the zone.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1540 — The DNS server unable to create domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server unable to create domain node.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 1541 — The DNS server encountered invalid domain name ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid domain name "%1" in zone file %2 at line %3. Although the DNS server continues to load, ignoring this name, it is strongly recommended that you either correct the name or remove the resource record from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1542 — The DNS server encountered invalid domain name ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid domain name "%1".

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 1543 — The DNS server encountered domain name ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered domain name "%1" exceeding maximum length. Although the DNS server continues to load, ignoring this name, it is recommended that you either correct the name or remove the resource record from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 1544 — The DNS server encountered an invalid "@" token ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid "@" token "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this token, it is recommended that you either correct the token or remove the resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1545 — The DNS server encountered a name outside of the specified zone in zone file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a name outside of the specified zone in zone file %1 at line %2.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct the RR or remove it from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1546 — The DNS server encountered an invalid name server (NS) resource record in zone file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid name server (NS) resource record in zone file %1 at line %2.  The use of NS resource records (RR) must be at either the zone root node or be placed at at the sub-zone context within the zone for a domain being delegated away from this zone. Although the DNS server continues to load, ignoring this RR, it is recommended that you either correct the RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information, see "Delegating zones" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1547 — The DNS server encountered an invalid host (A) resource record in zone file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid host (A) resource record in zone file %1 at line %2.  The use of A resource records (RRs) must be at a domain name within the zone, with the exception of glue A RRs which are used to resolve the host name specified in an NS RR also contained at the same domain node and used for a zone delegation.  Although the DNS server continues to load, ignoring this RR, it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information, see "Delegating zones" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1600 — The DNS server encountered an unknown or unsupported resource record (RR) type %1 in zone file %2 at line %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown or unsupported resource record (RR) type %1 in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this RR, it is recommended that you either correct the record type or remove this RR from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1601 — DNS server encountered the obsolete record type %1 in database file %2, line %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNS server encountered the obsolete record type %1 in database file %2, line %3. 
The record was ignored. 
 
MD or MF record types are obsolete.  They should be converted to MX record type which has the format:   MX <preference value> <mail server domain name> 
Example: 
	microsoft.com   MX 10 mai1.microsoft.com. 
 
For more information, see the "Resource records reference" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1602 — The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file %1 at line %2. 
An SOA record is required in every zone files and must satify the following conditions: 
 1)  The SOA record must be the first record in the zone file. 
 2)  The SOA record must belong to the root of the zone ("@" in zone file). 
 3)  Only one SOA is allowed in the zone. 
 4)  SOA records are NOT valid in root-hints (cache.dns) file. 
 
To correct the problem modify or repair the SOA RR in zone file %1, which can be found in the %SystemRoot%\System32\Dns directory. For more information, see the "Resource records reference" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1610 — The DNS server encountered a resource record (RR) in the zone file %1 at line %2 for a domain name with an existing CNAME (alias) RR.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a resource record (RR) in the zone file %1 at line %2 for a domain name with an existing CNAME (alias) RR.  Where used, CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this RR, or the CNAME RR it conflicts with, needs to be deleted from zone file %1, which can be found in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1611 — The DNS server encountered a CNAME (alias) resource record (RR) in zone file %1 at line %2 for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a CNAME (alias) resource record (RR) in zone file %1 at line %2 for a domain name with existing RRs.  Where used, CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this CNAME RR, or the one it conflicts with, needs to be deleted from zone file %1, which can be found in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1612 — The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file %1 at line %2 that forms an alias loop with another alias RR...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file %1 at line %2 that forms an alias loop with another alias RR in the zone.  One of the alias RRs forming the loop must be removed from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1613 — The DNS server encountered an invalid preference value ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid preference value "%1" in zone file %2 at line %3.  The preference must be a valid 16-bit unsigned integer. To correct the problem, modify the preference field to a valid value. The zone file %2 is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1614 — The DNS server encountered a token ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a token "%1" of the wrong format in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct this RR or remove it from zone file %2, located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1616 — The DNS server encountered a text string ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a text string "%1" in zone file %2 at line %3 that exceeds the maximum permissible length.  Although the DNS server continues to load, ignoring this resource record (RR), it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1617 — The DNS server encountered an invalid IP address ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid IP address "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1618 — The DNS server encountered an invalid IPv6 address ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid IPv6 address "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1619 — The DNS server could not find protocol ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find protocol "%1" specified for the well known service (WKS) resource record (RR) in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this RR, it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1620 — The DNS server could not find the service ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find the service "%1" specified for the well known service (WKS) resource record (RR) in zone file %2 at line %3. Although the DNS server continues to load, ignoring this RR, it is recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1621 — The DNS server encountered the port ".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the port "%1" specified for the well known service (WKS) resource record (RR) in zone file %2 at line %3. This port exceeds the maximum port supported for the WKS RR.  Although the DNS server continues to load, ignoring this RR, it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1650 — The DNS server encountered invalid WINS record in file %1, line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid WINS record in file %1, line %2. 
 
WINS records are subject to the following conditions: 
  1) WINS record must be in forward lookup zone (not in in-addr.arpa domain). 
  2) Only one WINS record may be specified in a zone file. 
  3) WINS record must belong to the zone root (the WINS record name must be the origin of the zone).  If WINS lookup is desired for names in a sub-domain of the zone, then the sub-domain must be split into its own zone. 
  4) WINS record must specify at least one WINS server. 
 
The format of a WINS record: 
WINS [LOCAL] [L<lookup timeout>] [C<cache timeout>] <WINS IP> [WINS IPs...] 
 
Examples (zone root assumed to be current origin): 
@ IN       WINS LOCAL L1 C10 10.10.10.1 10.10.10.2 10.10.10.3 
@ IN       WINS 10.10.10.1 
 
For more information, see "Using WINS lookup" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1651 — The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file %1 at line %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file %1 at line %2. 
 
WINSR records are subject to the following conditions: 
  1) WINSR record must be in reverse lookup zone (under in-addr.arpa domain). 
  2) Only one WINSR record may be specified in a zone file. 
  3) WINSR record must belong to the zone root (the WINS record name must be the origin of the zone). 
  4) WINSR record must specify at domain for the resulting name. 
 
The format of a WINSR record: 
WINSR [LOCAL] [L<lookup timeout>] [C<cache timeout>] <result domain> 
 
Examples (zone root assumed to be current origin): 
@ IN       WINSR LOCAL L1 C10 microsoft.com. 
@ IN       WINSR wins.microsoft.com. 
 
For more information, see "Using WINS lookup" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 1654 — The DNS server encountered an unknown WINS-to-DNS mapping flag %1 in file %2 at line %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown WINS-to-DNS mapping flag %1 in file %2 at line %3.  Although the DNS server continues to load, ignoring this flag, it is recommended that you either correct the associated resource record or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 1656 — The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file %1 at lin...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file %1 at line %2.  This field is required for mapping names that are found in WINS reverse lookup to fully-qualified DNS domain names.  It is appended to the NetBIOS computer names resolved by NetBIOS adapter status queries. Although the DNS server will continue to load, ignoring this RR, it is recommended that you either correct the WINSR RR or disable WINS reverse lookup and/or remove the RR from the zone file. The zone file is located in the %SystemRoot%\System32\Dns directory. For more information, see "Using WINS lookup" in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 2001 — The DNS server is now booting from the registry or directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is now booting from the registry or directory. The existing server boot file will no longer be read by the DNS server at startup. For any new zones that you add or for changes you make to zone information, you must make them using the DNS console. 
The previous DNS server boot file has been moved to the %SystemRoot%\System32\Dns\backup directory. 
To return to using a boot file, use the DNS console and reconfigure the boot method for the server.  For more information, see "To change the boot method used by the DNS server" in the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2002 — The DNS server has written a new version of the boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has written a new version of the boot file.  Either new zones or changes to existing zone information were made through the DNS console that required the DNS server to update the information in this file.  A copy of the previous boot file has been moved to the %SystemRoot%\System32\Dns\backup directory.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2003 — The DNS server encountered an error writing current configuration back to boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error writing current configuration back to boot file. Verify that the current boot file contains all of the desired information. The Boot file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2005 — The DNS server has been reconfigured to boot from a boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has been reconfigured to boot from a boot file.  Current server and zone configuration information has been written to this file. 
To return to booting from the registry or Active Directory, use the DNS console and reconfigure the boot method for the server.  For more information, see "To change the boot method used by the DNS server" in the online Help.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2200 — The DNS server could not open a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not open a registry key.  Reinstall the DNS server if it was not able to be started.  If the DNS server started, but couldn't load a zone, reload the zone or restart the DNS server.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2202 — The DNS server could not write a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not write a registry key.  The server disk could be full or corrupted or the maximum permissible size for the server registry has been reached.  The DNS server will not be able to save server or zone configuration parameters to in the registry unless the problem is fixed.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2203 — The DNS server could not delete a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not delete a registry key.  The registry is likely corrupted.  The DNS server will not be able to save DNS server or zone configuration parameters in the registry unless the problem is fixed.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2204 — The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\%1 contains an invalid value or could not be read. The DNS server cannot start. You must change this value to valid data or delete it and then attempt to restart the DNS service.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 2501 — The DNS server has completed a scavenging cycle: Visited Zones = %1, Visited Nodes = %2, Scavenged Nodes = %3, Scavenged Records = %4.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has completed a scavenging cycle: 
Visited Zones     = %1, 
Visited Nodes     = %2, 
Scavenged Nodes   = %3, 
Scavenged Records = %4. 
 
This cycle took %5 seconds. 
 
The next scavenging cycle is scheduled to run in %6 hours. 
 
The event data will contain the error code if there was an error during the scavenging cycle.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—
`param5`	—
`param6`	—
`__binLength`	—
`binary`	—

Event ID 2502 — The DNS server has completed a scavenging cycle but no nodes were visited.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include: 
 
  1) No zones are configured for scavenging by this server. 
  2) A scavenging cycle was performed within the last %1 minutes. 
  3) An error occurred during scavenging. 
 
The next scavenging cycle is scheduled to run in %2 hours. 
 
The event data will contain the error code if there was an error during the scavenging cycle.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 2630 — DNS Server Configuration

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not configure the network connections of this computer with the local computer's IP address as the preferred DNS server, because this computer is connected to networks with different or invalid DNS namespaces. Manual configuration of the local DNS server to perform name resolution on one or more of the namespaces is required before the preferred DNS servers of this computer should be modified. 
 
If the network connections of this computer are not configured with the local computer's IP address as the preferred DNS server, this computer may not be able to dynamically register DC locator records in DNS. Absence of these records may prevent other Active Directory domain controllers and domain members from locating this domain controller. 
 
User Action: 
 
Ensure that DC locator DNS records enumerated in the file %SystemRoot%\system32\config\netlogon.dns are registered on the local DNS server. If these records are not registered in DNS: 
a) Add a delegation to this DNS server to parent DNS zone matching the name of the Active Directory domain OR 
b) Configure the local DNS server with appropriate root hints and forwarders (if necessary) and configure the network connections of this computer with the local computer's IP address as the preferred DNS server. Note that other computers using other DNS servers as their preferred or alternate DNS servers may not be able to locate this domain controller, unless the DNS infrastructure is properly configured.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 2631 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server successfully autoconfigured: 
	%1 
	%2 
	%3 
	%4

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 2631
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854779904
  time_created: '2022-04-07T08:13:51.349882+00:00'
  event_record_id: 2
  correlation: {}
  execution:
    process_id: 2208
    thread_id: 4676
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  param1: DNS server root hints
  param2: DNS server forwarders
  param3: DNS resolver
  param4: ''
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3150 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS server wrote version %1 of zone %2 to file %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 3150
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775824
  time_created: '2022-04-07T08:14:09.727051+00:00'
  event_record_id: 5
  correlation: {}
  execution:
    process_id: 2208
    thread_id: 7088
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-18
event_data:
  param1: '2'
  param2: sigma.fr
  param3: sigma.fr.dns
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3151 — The DNS server unable to write zone file %1 for zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server unable to write zone file %1 for zone %2.  Most likely the server disk is full.  Free some disk space and re-initiate zone write.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 3152 — The DNS server was unable to open file %1 for write.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to open file %1 for write.  Most likely the file is a zone file that is already open.  Close the zone file and re-initiate zone write.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 3153 — The DNS server encountered an error writing to file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error writing to file.  Most likely the server disk is full.  Free some disk space at the server and re-initiate zone write. The event data is the error code.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 3162 — The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file. The event data is applicable the protocol number.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 3163 — While writing a well known service (WKS) record to the zone file, the DNS server encountered a port number that is not associated with a known serv...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

While writing a well known service (WKS) record to the zone file, the DNS server encountered a port number that is not associated with a known service. The event data is the port number of the unknown service.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 4000 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields

Name	Description
`Name`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 4000
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036854841344
  time_created: '2022-04-07T16:54:41.266037+00:00'
  event_record_id: 26
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 2848
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_DS_OPEN_FAILED
  Binary: KiMAAA==
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4001 — The DNS server was unable to open zone %1 in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to open zone %1 in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4002 — The DNS server was unable to add zone %1 to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to add zone %1 to the Active Directory.  Check that the Active Directory is available.  Note that the zone will not be be added to and written to the directory unless you re-attempt adding the zone using the DNS console.  The event data contains the error. For more information see "Add and Remove Zones" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4003 — The DNS server was unable to delete zone %1 in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to delete zone %1 in the Active Directory.  Check that the Active Directory is functioning properly.  Note that this zone will not be removed from the directory unless you retry deleting of the zone using the DNS console. The event data contains the error. For more information see "Add and Remove Zones" in the online Help.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4004 — The DNS server was unable to complete directory service enumeration of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to complete directory service enumeration of zone %1.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "%2". The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4005 — The DNS server received indication that zone %1 was deleted from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received indication that zone %1 was deleted from the Active Directory.  Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4006 — The DNS server could not load the records for the DNS name %1 found in the Active Directory integrated zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not load the records for the DNS name %1 found in the Active Directory integrated zone %2. A possible cause is that this DNS name contains character(s) not permitted by the name-checking setting on this DNS server. 
 
To allow these records to be loaded choose the appropriate name-checking  setting on the DNS server. 
 
To delete these records from the Active Directory, first allow the DNS server to load them by changing the name-checking setting on this DNS server to allow all names. Then restart the DNS server service to cause the records to be loaded. The records will now appear in the DNS Manager and may be deleted. When the records have been deleted, restore the DNS server name-checking setting to the preferred value.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4007 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server was unable to open zone %1 in the Active Directory from the application directory partition %2. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields

Name	Description
`param1`	—
`param2`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 4007
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036854906880
  time_created: '2022-04-07T16:55:35.860770+00:00'
  event_record_id: 28
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 2848
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  param1: _msdcs.sigma.fr
  param2: ForestDnsZones.sigma.fr
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4010 — The DNS server was unable to create a resource record for %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to create a resource record for  %1 in zone %2. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4011 — The DNS server was unable to add or write an update of domain name %1 in zone %2 to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to add or write an update of domain name %1 in zone %2 to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "%3". The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 4012 — The DNS server timed out attempting to write resource records to the Active Directory at %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server timed out attempting to write resource records to the Active Directory at %1.  Check that the directory is functioning properly and add or update the records using the DNS console. The event data contains the error.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4013 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 3
Samples: 1

Message

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Fields

Name	Description
`Name`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 4013
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 9223372036854906880
  time_created: '2022-04-07T16:53:29.562920+00:00'
  event_record_id: 24
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 2848
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_DS_OPEN_WAIT
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4014 — The DNS server was unable to initialize Active Directory security interfaces.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 4015 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 2
Samples: 1

Message

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "%1". The event data contains the error.

Fields

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 4015
  version: 0
  level: 2
  task: 0
  opcode: 0
  keywords: 9223372036854906880
  time_created: '2022-04-07T16:59:32.615235+00:00'
  event_record_id: 31
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 764
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_DS_INTERFACE_ERROR
  Data:
    Name: param1
    Value: ''
  Binary: UQAAAA==
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4016 — The DNS server timed out attempting an Active Directory service operation on %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server timed out attempting an Active Directory service operation on %1.  Check Active Directory to see that it is functioning properly. The event data contains the error.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4017 — The DNS server was unable to load or create the DnsAdmins group.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to load or create the DnsAdmins group. The most likely cause is that the Group Name has been changed. The DNS server will continue but for full functionality the DnsAdmins group should be repaired. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 4018 — The DNS server was unable to begin background loading of Active Directory-integrated zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to begin background loading of Active Directory-integrated zones. There may be a system resource problem. The DNS server service will now terminate. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 4019 — The DNS server attempted to load the Active Directory-integrated zone %1 in the background but there was an error during load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server attempted to load the Active Directory-integrated zone %1 in the background but there was an error during load. This zone will now be shut down. Correct the error and restart the DNS server service. The event data contains the error.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4020 — The DNS server is now starting to load zone %1 in the background.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is now starting to load zone %1 in the background. While the zone is being loaded all DNS updates and zone transfer requests will be refused.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4021 — The DNS server has completed background loading of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has completed background loading of zone %1. The zone is now available for updates and zone transfers if allowed by the zone's configuration. It took %2 seconds to load the zone.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4400 — The DNS server is experiencing high SOA query load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server, however scheduled replication will not be affected.

Event ID 4401 — The DNS server is experiencing high SOA query load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server, however scheduled replication will not be affected.

Event ID 4500 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The DNS Application Directory Partition %1 was created. The distinguished name of the root of this Directory Partition is %2.

Fields

Name	Description
`param1`	—
`param2`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 4500
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854906880
  time_created: '2022-04-07T08:15:14.778973+00:00'
  event_record_id: 14
  correlation: {}
  execution:
    process_id: 2732
    thread_id: 4188
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  param1: ForestDnsZones.sigma.fr
  param2: DC=ForestDnsZones,DC=sigma,DC=fr
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4501 — The DNS Application Directory Partition %1 was deleted.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS Application Directory Partition %1 was deleted. The distinguished name of the root of this Directory Partition was %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4502 — The DNS added the local Active Directory to the replication scope of Application Directory Partition %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS added the local Active Directory to the replication scope of Application  Directory Partition %1. The distinguished name of the root of this Directory Partition is %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4503 — The DNS removed the local Active Directory from the replication scope of Application Directory Partition %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS removed the local Active Directory from the replication scope of Application  Directory Partition %1. The distinguished name of the root of this Directory Partition is %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4510 — The DNS server was unable to connect to the domain naming FSMO %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to connect to the domain naming FSMO %1. No modifications to Directory Partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 4511 — The zone %1 was not successfully saved to the new directory partition as %2 due to an error deleting the zone from the old directory partition as %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone %1 was not successfully saved to the new directory partition as %2 due to an error deleting the zone from the old directory partition as %3.  The DNS Server has attempted to undo the changes, but manual cleanup of the zone may be required. The event data contains the error code.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 4512 — The DNS server was unable to create the built-in directory partition %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to create the built-in directory partition %1. The error was %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4513 — The DNS server detected that it is not enlisted in the replication scope of the directory partition %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server detected that it is not enlisted in the replication scope of the directory partition %1. This prevents the zones that should be replicated to all DNS servers in the %2 forest from replicating to this DNS server. 
 
To create or repair the forest-wide DNS directory partition, open the DNS  console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support. 
 
The error was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 4514 — The DNS server detected that it is not enlisted in the replication scope of the directory partition %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server detected that it is not enlisted in the replication scope of the  directory partition %1. This prevents the zones that should be replicated to all DNS servers in the %2 domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition, please see Help and Support. 
 
To create or repair the domain-wide DNS directory partition, open the DNS  console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support. 
 The error was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 4515 — The zone %1 was previously loaded from the directory partition %2 but another copy of the zone has been found in directory partition %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone %1 was previously loaded from the directory partition %2 but another copy of the zone has been found in directory partition %3. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible. 
 
If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server. 
 
If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict. 
 
To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 4520 — The DNS server encountered error %1 building the zone list from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered error %1 building the zone list from Active Directory. The DNS server will sleep for %2 seconds and try again. This can be caused by high Active Directory load and may be a transient condition.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4521 — The DNS server encountered error %1 attempting to load zone %2 from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered error %1 attempting to load zone %2 from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 4522 — The DNS server has deleted all records for a corrupt DNS node from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was %1.

Fields

Name	Description
`param1`	—

Event ID 4523 — The DNS server has detected that the application directory partition %1 is replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the application directory partition %1 is replicating onto this domain controller. DNS data will not be loaded from this new directory partition until initial replication has completed.

Fields

Name	Description
`param1`	—

Event ID 4524 — DNS Server Autoconfiguration

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the application directory partition %1 has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.

Fields

Name	Description
`param1`	—

Event ID 5051 — The DNS server is using a large amount of memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is using a large amount of memory.  The data is the current memory allocated.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 5105 — The DNS server attempted to cache an CNAME (alias) resource record for the domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server attempted to cache an CNAME (alias) resource record for the domain node.  The operation failed, since the CNAME RR must be the only RR for its domain name.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 5106 — The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.  The CNAME RR is ignored, since it must be the only RR for its domain name.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 5107 — The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).  The record is ignored, since CNAME loops are not allowed.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 5108 — The DNS server created an CNAME (alias) loop loading CNAME at %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server created an CNAME (alias) loop loading CNAME at %1. One link in CNAME loop:  DNS name %2 is an alias for CNAME %3. See adjoining messages for other links in the CNAME loop.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 5500 — The DNS server received a bad DNS query from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a bad DNS query from %1.  The query was rejected or ignored. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5501 — The DNS server encountered a bad packet from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a bad packet from %1.  Packet processing leads beyond packet length. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5502 — The DNS server received a bad TCP-based DNS message from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a bad TCP-based DNS message from %1.  The packet was rejected or ignored. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5504 — The DNS server encountered an invalid domain name in a packet from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid domain name in a packet from %1. The packet will be rejected. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5505 — The DNS server encountered a domain name exceeding the maximum length in the packet from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a domain name exceeding the maximum length in the packet from %1. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5506 — The DNS server encountered an invalid domain name offset in a packet from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid domain name offset in a packet from %1. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5507 — The DNS server encountered a name offset exceeding the packet length from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a name offset exceeding the packet length from %1. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5508 — The DNS server encountered a packet name exceeding the maximum label count from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a packet name exceeding the maximum label count from %1. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5509 — The DNS server encountered an invalid DNS update message from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid DNS update message from %1.  The packet was rejected. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5510 — The DNS server encountered an invalid response message from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid response message from %1.  The packet was rejected. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 5511 — The DNS server encountered a name with a label whose length exceeds the maximum of 63 bytes from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a name with a label whose length exceeds the maximum  of 63 bytes from %1. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 6000 — The DNS server started transfer of version %1 of zone %2 to the DNS server at %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server started transfer of version %1 of zone %2 to the DNS server at %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6001 — The DNS server successfully completed transfer of version %1 of zone %2 to the DNS server at %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server successfully completed transfer of version %1 of zone %2 to the DNS server at %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6002 — The transfer of version %1 of zone %2 by the DNS server was aborted by the server at %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The transfer of version %1 of zone %2 by the DNS server was aborted by the server at %3. To restart the transfer of the zone, you must initiate transfer at the secondary server.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6003 — The DNS server received a request from %1 for a UDP-based transfer of the entire zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a request from %1 for a UDP-based transfer of the entire zone.  The request was ignored because full zone transfers must be made using TCP.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 6004 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 3
Samples: 1

Message

The DNS server received a zone transfer request from %1 for a non-existent or non-authoritative zone %2.

Fields

Name	Description
`param1`	—
`param2`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 6004
  version: 0
  level: 3
  task: 0
  opcode: 0
  keywords: 9223372036855300096
  time_created: '2020-07-11T12:58:57.451062+00:00'
  event_record_id: 343
  correlation: {}
  execution:
    process_id: 1764
    thread_id: 2284
  channel: DNS Server
  computer: rootdc1.offsec.lan
  security:
    user_id: S-1-5-18
event_data:
  param1: 10.23.23.9
  param2: hacking-zone.lan.
message: ''

Sigma Rules

Failed DNS Zone Transfer
Detects when a DNS zone transfer failed.

References

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 6520 — Zone %1 was updated to version %2 of the zone as provided from the master server at %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone %1 was updated to version %2 of the zone as provided from the master server at %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6521 — Zone %1 is synchronized with version %2 of the zone as provided from the master server at %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone %1 is synchronized with version %2 of the zone as provided from the master server at %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6522 — A more recent version, version %1 of zone %2 was found at the DNS server at %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

A more recent version, version %1 of zone %2 was found at the DNS server at %3. Zone transfer is in progress.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6523 — Zone %1 failed zone refresh check.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone %1 failed zone refresh check.  Unable to connect to master DNS server at %2 to receive zone transfer.  Check that the zone contains correct IP address for the master server or if network failure has occurred.  For more information, see "To update the master server for a secondary zone" in the online Help.  If available, you can specify more than one master server in the list for this zone.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6524 — Invalid response from master DNS server at %2 during attempted zone transfer of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Invalid response from master DNS server at %2 during attempted zone transfer of zone %1.  Check the DNS server at %2 and ensure that it is authoritative for this zone.  This can be done by viewing or updating the list of authoritative servers for the zone.  When using the DNS console, select zone %1 Properties at server %2 and click the Name Servers tab.  If needed, you can add or update this server in the list there.  As an alternative solution, you could also modify settings in the Zone Transfer tab to allow transfer of the zone to this and other DNS servers.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6525 — A zone transfer request for the secondary zone %1 was refused by the master DNS server at %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

A zone transfer request for the secondary zone %1 was refused by the master DNS server at %2. Check the zone at the master server %2 to verify that zone transfer is enabled to this server.  To do so, use the DNS console, and select master server %2 as the applicable server, then in secondary zone %1 Properties, view the settings on the Zone Transfers tab.  Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6526 — Zone %1 version %2 is newer than version %3 on DNS server at %4.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone %1 version %2 is newer than version %3 on DNS server at %4.  The zone was not updated. 
DNS servers supplying zones for transfer must have the most recent version of the zone, based on the primary zone.  If zone on remote server %4, is in fact the most recent version of the zone, do the following at that server: 
 (1) stop the DNS server, 
 (2) delete the zone file (not the zone itself) and 
 (3) restart the DNS server 
The DNS server will transfer the new version and write its zone file. 
When deleting the zone file at server %4, locate the file named %1.dns in the %SystemRoot%\System32\Dns directory and delete it. An alternative solution is to delete and recreate the secondary zone at server %4.  This could be preferred if this server hosts large zones and restarting it at this time would be a consuming or costly operation.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—
`__binLength`	—
`binary`	—

Event ID 6527 — Zone %1 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone %1 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone has been shut down.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 6528 — The scope %1 of zone %2 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The scope %1 of zone %2 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone scope has been shut down.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6529 — The operation for zone %1 is not complete.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The operation for zone %1 is not complete. The scope %2 of zone failed during conversion. The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6530 — During transfer of zone %1 from master at %2, the DNS server received a resource record (RR) for domain node %3 at which an CNAME (alias) RR was al...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

During transfer of zone %1 from master at %2, the DNS server received a resource record (RR) for domain node %3 at which an CNAME (alias) RR was already received.  When used, the CNAME RR must be the only record for its domain name.  The CNAME RR for %3 will be ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6531 — During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 for which other recor...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 for which other records of that name were already received.  When used, the CNAME RR must be the only record for its domain name.  The CNAME RR for %3 will be ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6532 — During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 which would form an C...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 which would form an CNAME loop if accepted and used.  The CNAME RR for %3 is being ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 6533 — The DNS server could not create a zone transfer thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a zone transfer thread.  The system may be out of resources.  Close any applications not in use or reboot the computer to free memory. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 6534 — Failed transfer of zone %1 from DNS server at %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed transfer of zone %1 from DNS server at %2.  The DNS server at %2 aborted or failed to complete transfer of the zone.  Check the DNS server at %2 and ensure it is properly functioning and authoritative for zone %1.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6535 — The master DNS server at %2 responded to IXFR (Incremental Zone Transfer) request for zone %1 with an invalid (FORMAT ERROR) response.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The master DNS server at %2 responded to IXFR (Incremental Zone Transfer) request for zone %1 with an invalid (FORMAT ERROR) response.  DNS server performance and network bandwidth will both be improved by upgrading the DNS server at %2 to a run as either a Windows 2000 or later Microsoft DNS server or another IXFR-compatible DNS server implementation.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 6536 — Invalid IXFR (Incremental Zone Transfer) response from master DNS server at %2 during attempted incremental transfer of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Invalid IXFR (Incremental Zone Transfer) response from master DNS server at %2 during attempted incremental transfer of zone %1.  Check the DNS server at %2, and verify its is running as a Windows 2000 or later Microsoft DNS server or  another IXFR-compatible DNS server implementation.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7050 — The DNS server recv() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server recv() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7051 — The DNS server recvfrom() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server recvfrom() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7052 — The DNS server send() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server send() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7053 — The DNS server sendto() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server sendto() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7054 — The DNS server select() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server select() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7055 — The DNS server accept() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server accept() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7056 — The DNS server GetQueuedCompletionStatus() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server GetQueuedCompletionStatus() function failed. The event data contains the error.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7060 — The DNS server could not connect to DNS server at %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not connect to DNS server at %1. The event data contains the error.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7062 — The DNS server encountered a packet addressed to itself on IP address %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a packet addressed to itself on IP address %1. The packet is for the DNS name "%2". The packet will be discarded. This condition usually indicates a configuration error.

Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server.
5) Root hints.

Example of self-delegation:
-> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.
-> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com,
(bar.example.microsoft.com NS dns1.example.microsoft.com)
-> BUT the bar.example.microsoft.com zone is NOT on this server.

Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record.

You can use the DNS server debug logging facility to track down the cause of this problem.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7500 — The DNS server failed to process a packet from %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server failed to process a packet from %1.  The packet was discarded.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7502 — The DNS server was unable to service a client request due a shortage of available memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to service a client request due a shortage of available memory.  Close any applications not in use or reboot the computer to free memory.

Fields

Name	Description
`__binLength`	—
`binary`	—

Event ID 7503 — The DNS server could not allocate memory for resource record %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not allocate memory for resource record %1. Close any applications not in use or reboot the computer to free memory.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7504 — DNS Server WINS NetBIOS Initialization

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not allocate memory for the node of domain name %1. Close any applications not in use or reboot the computer to free memory.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7600 — The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for %1 even though data for this DNS name exists in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation for information about this feature and instructions on how to configure it.
 
Below is the current global query block list (this list may be truncated in this event if it is too long):
%2

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 7616 — The TrustAnchors zone could not be loaded.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The TrustAnchors zone could not be loaded:%1

Fields

Name	Description
`param1`	—

Event ID 7632 — The DNSSEC trust point %1 is available for DNSSEC validation.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSSEC trust point %1 is available for DNSSEC validation. The DNSKEY records for this trust point will be refreshed to check for updates at %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7633 — The DNSSEC trust point %1 is available for DNSSEC validation.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSSEC trust point %1 is available for DNSSEC validation.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7634 — The DNSSEC trust point %1 is not available for DNSSEC validation, because a valid DNSKEY record that matches the provided DS trust anchor(s) has no...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSSEC trust point %1 is not available for DNSSEC validation, because a valid DNSKEY record that matches the provided DS trust anchor(s) has not yet been found. An attempt to find a matching DNSKEY record will be made during the next active refresh at %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7635 — The DNSSEC trust point %1 will be deleted after %2 because it has no valid trust anchors.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSSEC trust point %1 will be deleted after %2 because it has no valid trust anchors.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7636 — The DNSSEC trust point %1 has been deleted because it has no valid or revoked trust anchors.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSSEC trust point %1 has been deleted because it has no valid or revoked trust anchors.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7637 — The DS record with the key tag %2 at the trust point %1 will be replaced with a DNSKEY trust anchor when a matching DNSKEY record is found during t...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DS record with the key tag %2 at the trust point %1 will be replaced with a DNSKEY trust anchor when a matching DNSKEY record is found during the next active refresh.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7638 — The DNSKEY with the key tag %2 at the trust point %1 is now a valid trust anchor for use in DNSSEC validations.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSKEY with the key tag %2 at the trust point %1 is now a valid trust anchor for use in DNSSEC validations.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7639 — The trust anchor with the key tag %2 at the trust point %1 has been removed from the authoritative server without being revoked.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The trust anchor with the key tag %2 at the trust point %1 has been removed from the authoritative server without being revoked. This trust anchor is still valid for use in DNSSEC validations, but may need to be removed manually if its removal from the authoritative server was permanent.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7640 — The DNSKEY with the key tag %2 at the trust point %1 has been marked as revoked by the authoritative server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSKEY with the key tag %2 at the trust point %1 has been marked as revoked by the authoritative server. This key is no longer valid for DNSSEC validations, and will be deleted then next time the server is restarted.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7641 — The DNSKEY with the key tag %2 at the trust point %1 will become a trust anchor after %3, if it is consistently present on the authoritative server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNSKEY with the key tag %2 at the trust point %1 will become a trust anchor after %3, if it is consistently present on the authoritative server.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7642 — The DS record with the key tag %2 at the trust point %1 does not correspond to a valid trust anchor.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DS record with the key tag %2 at the trust point %1 does not correspond to a valid trust anchor. The corresponding DNSKEY is not a key-signing-key (KSK) or no corresponding key could be found. The server try again to find a match at the next active refresh.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7643 — The %3 with the key tag %2 at the trust point %1 has been deleted.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The %3 with the key tag %2 at the trust point %1 has been deleted.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7644 — The active refresh query for the DNSKEY records at the trust point %1 has failed (%2).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The active refresh query for the DNSKEY records at the trust point %1 has failed (%2). This query will be retried at %3. Check that a DNS query for the DNSKEY records at the trust point succeeds.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7645 — The active refresh query for the DNSKEY records at the trust point %1 has succeeded.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The active refresh query for the DNSKEY records at the trust point %1 has succeeded. This query will be repeated at %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7646 — The zone %1 is now signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone %1 is now signed with DNSSEC.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7647 — The zone %1 is no longer signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone %1 is no longer signed with DNSSEC.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7648 — The DNS server has detected that it is no longer the Key Master for zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that it is no longer the Key Master for zone %1. The Key Master role has been seized or transferred to %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7649 — The DNS server has successfully assumed Key Master responsibilities for zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has successfully assumed Key Master responsibilities for zone %1.  The Key Master role was transferred to this server from %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7650 — The DNS server has started signing the zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has started signing the zone %1.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7652 — The DNS server encountered an error while signing the zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error while signing the zone %1. The error code encountered during signing was %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7653 — The DNS server has detected that zone signing parameters for zone %1 have been changed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that zone signing parameters for zone %1 have been changed. The zone will be re-signed in %2 seconds.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7654 — The DNS server was unable to sign zone data changed by dynamic update at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign zone data changed by dynamic update at node %1 in zone %2. The update has been rejected. The error code encountered during signing was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7655 — The DNS server was unable to sign zone data changed by a scavenging update to remove stale records at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign zone data changed by a scavenging update to remove stale records at node %1 in zone %2. Scavenging for this zone has been aborted. This operation will be retried on the next DNS server scavenging cycle. The error code encountered during signing was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7656 — The DNS server was unable to sign zone changes replicated from another domain controller at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign zone changes replicated from another domain controller at node %1 in zone %2. Replication change processing for this zone has been aborted. This operation will be retried on the next DNS server polling cycle. The error code encountered during signing was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7657 — The DNS server was unable to refresh signatures at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to refresh signatures at node %1 in zone %2. The signature update process for this zone been aborted. This operation will be retried on the next zone signature refresh cycle. The error code encountered during signing was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7658 — The DNS server was unable to complete re-signing of the zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to complete re-signing of the zone %1. The error code encountered during signing was %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7659 — The DNS server was unable to sign new DS records from the child zone at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign new DS records from the child zone at node %1 in zone %2. The new DS records will not be incorporated into the zone and child zone polling for this zone has been be aborted. This operation will be retried on the next DNS server child polling cycle. The error code encountered during signing was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7660 — The DNS server was unable to validate new DS records from the child zone at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to validate new DS records from the child zone at node %1 in zone %2. The new DS records will not be automatically incorporated into the zone and require manual update.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7661 — The DNS server was unable to sign an administrative update at node %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign an administrative update at node %1 in zone %2. The update has been rejected. The error code encountered during signing was %3.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7662 — The DNS server will not be able to automatically refresh the DS record set at node %1 in zone %2 because this DNS server does not support all DS an...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server will not be able to automatically refresh the DS record set at node %1 in zone %2 because this DNS server does not support all DS and DNSKEY algorithms used by the child zone. When this child zone?s key signing keys are rolled over, the DS record set will have to be manually imported.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7663 — The DNS server was unable to sign the zone %1 because it encountered an invalid DNSSEC signing key descriptor %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign the zone %1 because it encountered an invalid DNSSEC signing key descriptor %2. The error code encountered during validation was %3. Run the signing parameter validation on the Key Master for the zone to ensure that the signing key descriptors are valid.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7664 — The DNS server was unable to sign the zone %1 because it encountered an invalid DNSSEC signing configuration.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign the zone %1 because it encountered an invalid DNSSEC signing configuration. The error code encountered during validation was %2. Run the signing parameter validation on the Key Master for the zone to ensure that the correct parameters are configured.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7665 — The DNS server was unable to sign the zone %1 because it was unable to access the signing key descriptor %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to sign the zone %1 because it was unable to access the signing key descriptor %2. The error code encountered during signing was %3. Ensure that the signing key descriptors are accessible by this server.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7666 — The DNS server encountered an error signing zone %1 during load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error signing zone %1 during load. The error code encountered during signing was %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7667 — Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in less than 1 day.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in less than 1 day.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7668 — Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in %3 days.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in %3 days.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`__binLength`	—
`binary`	—

Event ID 7669 — Keys for the Signing Key Descriptor %1 in zone %2 are starting the rollover process.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Keys for the Signing Key Descriptor %1 in zone %2 are starting the rollover process.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7670 — The rollover process for Signing Key Descriptor %1 in zone %2 is complete.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The rollover process for Signing Key Descriptor %1 in zone %2 is complete.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7671 — There was an error rolling keys for Signing Key Descriptor %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

There was an error rolling keys for Signing Key Descriptor %1 in zone %2.  This Signing Key Descriptor will no longer attempt to roll its keys automatically.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7672 — There was an error rolling keys for Signing Key Descriptor %1 in zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

There was an error rolling keys for Signing Key Descriptor %1 in zone %2.  The DNS server will continue to attempt to complete the rollover.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7673 — Retired Signing Key Descriptor %1 in zone %2 has been removed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Retired Signing Key Descriptor %1 in zone %2 has been removed.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7674 — Zone %1 has been transferred to one or more secondary DNS servers.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone %1 has been transferred to one or more secondary DNS servers. This zone is signed and contains WINS records but the WINS records have been omitted from the zone transfer since secondary servers cannot sign WINS results. It is not recommended that zone transfer be deployed for signed zones that perform WINS forwarding.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7675 — The DNS server has started signing the scope %1 of zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has started signing the scope %1 of zone %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7676 — The scope %1 of zone %2 is signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The scope %1 of zone %2 is signed with DNSSEC. The server will give DNSSEC compliant responses to DNSSEC queries for this scope.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7677 — The DNS server encountered an error while signing the scope %1 of zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error while signing the scope %1 of zone %2. The error code encountered during signing was %3. The server might not provide DNSSEC compliant responses to DNSSEC queries for this scope.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`VirtualizationID`	—
`__binLength`	—
`binary`	—

Event ID 7678 — The scope %1 of zone %2 is no longer signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The scope %1 of zone %2 is no longer signed with DNSSEC. The server will not provide DNSSEC compliant responses to DNSSEC queries for this scope.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7679 — The DNS server encountered an error while unsigning the scope %1 of zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error while unsigning the scope %1 of zone %2. The error code encountered during unsigning was %3. The server might continue providing DNSSEC compliant responses to DNSSEC queries for this scope.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`VirtualizationID`	—
`__binLength`	—
`binary`	—

Event ID 7680 — Failed to load scopes of zone %1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load scopes of zone %1. This might be due to failure while reading the scope information from registry. The zone should be reloaded. The event data is the error             code. [virtualization instance: %2].

Fields

Name	Description
`param1`	—
`VirtualizationID`	—
`__binLength`	—
`binary`	—

Event ID 7681 — Failed to load scope %1 of zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load scope %1 of zone %2. Please check the scope and reload the zone. The event data is the error code. [virtualization instance: %3].

Fields

Name	Description
`param1`	—
`param2`	—
`virtualizationId`	—
`__binLength`	—
`binary`	—

Event ID 7682 — Failed to load scope %1 of zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load scope %1 of zone %2. The event data is the error code. [virtualization instance: %3].

Fields

Name	Description
`param1`	—
`param2`	—
`virtualizationId`	—
`__binLength`	—
`binary`	—

Event ID 7683 — Failed to write data of scope %1 of zone %2 into file %3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to write data of scope %1 of zone %2 into file %3. Please ensure the file exists and is writable, and then attempt to rewrite the zone and scope data to their data files. The event data is the error code. [virtualization instance: %4].

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`VirtualizationID`	—
`__binLength`	—
`binary`	—

Event ID 7684 — The cache scope %1 was flushed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The cache scope %1 was flushed.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7685 — A scope %1 has been added to server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

A scope %1 has been added to server %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7686 — A scope %1 has been deleted from server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

A scope %1 has been deleted from server %2.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7687 — Failed to load scope %1 of server %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed to load scope %1 of server %2

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7688 — The size of the cache on DNS server is approaching its configured limit of %1 KB.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The size of the cache on DNS server is approaching its configured limit of %1 KB. An event has been fired by recursion thread to bring down the cache size within the configured limit. The system may experience momentary CPU spikes.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7689 — The size of the cache on DNS server is approaching its configured limit of %1 KB.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The size of the cache on DNS server is approaching its configured limit of %1 KB. Timeout thread has started to bring down the cache size within the configured limit. The system may experience momentary CPU spikes.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7690 — The size of the cache on DNS server has been brought within its configured limit of %1 KB.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The size of the cache on DNS server has been brought within its configured limit of %1 KB.

Fields

Name	Description
`param1`	—
`__binLength`	—
`binary`	—

Event ID 7691 — DNS service started with less privileges as KDC is unavailable at the moment.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNS service started with less privileges as KDC is unavailable at the moment. It is advisable to restart the service, otherwise some records from AD zones may not be accessible to the DNS service.

Event ID 7692 — The EDNS option code %1 for scope transaction during zone transfer is invalid.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The EDNS option code %1 for scope transaction during zone transfer is invalid. The default value i.e. %2 will be used.

Fields

Name	Description
`param1`	—
`param2`	—
`__binLength`	—
`binary`	—

Event ID 7693 —

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: 4
Samples: 1

Message

The XfrScopeOptionValue has been set to %1.  This option ID will be used to communicate the scope information during zone transfers via an OPT RR.

Fields

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-DNS-Server-Service
  guid: 71A551F5-C893-4849-886B-B5EC8502641E
  event_source_name: ''
  event_id: 7693
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854779904
  time_created: '2022-04-07T16:53:24.111885+00:00'
  event_record_id: 23
  correlation: {}
  execution:
    process_id: 2320
    thread_id: 2848
  channel: DNS Server
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-18
event_data:
  Name: DNS_EVENT_SCOPE_EDNS_OPCODE_SET
  Data:
    Name: param1
    Value: 65433
  Binary: ''
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 7694 — The DNS server encountered an error %1 while signing the zone %2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error %1 while signing the zone %2. There was a failure while setting the length of the %3 signing key to %4. The DNS Server will attempt to create the key with the default length as set by the key storage provider %5.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—
`param5`	—

Event ID 1073741826 — The DNS server has started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has started.

Event ID 1073741827 — The DNS server has shut down.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has shut down.

Event ID 1073741828 — The DNS server has finished the background loading of zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has finished the background loading of zones. All zones are now available for DNS updates and zone transfers; as allowed by their individual zone configuration.

Event ID 1073742532 — The DNS server did not detect any zones of either primary or secondary type during initialization.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones; and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication. For more information; see the online Help.

Event ID 1073742533 — The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the {param1} directory partition.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the {param1} directory partition.

Fields

Name	Description
`param1`	—

Event ID 1073742534 — An administrator has changed the type and zone storage options of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has changed the type and zone storage options of zone {param1}. The zone is now type {param2}. The zone will be stored in the zone file {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073742535 — An administrator has changed the type and/or Active Directory location of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has changed the type and/or Active Directory location of zone {param1}. The zone is now type {param2}. The zone will be stored in Active Directory at {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073742536 — An administrator has changed the zone storage options for zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has changed the zone storage options for zone {param1}. The zone will now be stored in the zone file {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073742537 — An administrator has moved the zone {param1} to a new location in Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

An administrator has moved the zone {param1} to a new location in Active Directory. The zone will be stored in Active Directory at {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073742624 — The zone {param1} is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS ser...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone {param1} is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot  be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

Fields

Name	Description
`param1`	—

Event ID 1073743826 — The DNS server has written a new version of the boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has written a new version of the boot file.  Either new zones or changes to existing zone information were made through the DNS console that required the DNS server to update the information in this file.  A copy of the previous boot file has been moved to the %SystemRoot%\System32\Dns\backup directory.

Event ID 1073743829 — The DNS server has been reconfigured to boot from a boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has been reconfigured to boot from a boot file.  Current server and zone configuration information has been written to this file. To return to booting from the registry or Active Directory; use the DNS console and reconfigure the boot method for the server.  For more information; see 'To change the boot method used by the DNS server' in the online Help.

Event ID 1073744325 — The DNS server has completed a scavenging cycle: Visited Zones = {param1}; Visited Nodes = {param2}; Scavenged Nodes = {param3}; Scavenged Records ...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has completed a scavenging cycle: Visited Zones     = {param1}; Visited Nodes     = {param2}; Scavenged Nodes   = {param3}; Scavenged Records = {param4}.  This cycle took {param5} seconds.  The next scavenging cycle is scheduled to run in {param6} hours.  The event data will contain the error code if there was an error during the scavenging cycle.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—
`param5`	—
`param6`	—

Event ID 1073744326 — The DNS server has completed a scavenging cycle but no nodes were visited.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include:    1) No zones are configured for scavenging by this server.   2) A scavenging cycle was performed within the last {param1} minutes.   3) An error occurred during scavenging.  The next scavenging cycle is scheduled to run in {param2} hours.  The event data will contain the error code if there was an error during the scavenging cycle.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073744455 — The DNS server successfully autoconfigured: {param1} {param2} {param3} {param4}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server successfully autoconfigured: 	{param1} 	{param2} 	{param3} 	{param4}

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—

Event ID 1073744974 — The DNS server wrote version {param1} of zone {param2} to file {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server wrote version {param1} of zone {param2} to file {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073745829 — The DNS server received indication that zone {param1} was deleted from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received indication that zone {param1} was deleted from the Active Directory.  Since this zone was an Active Directory integrated zone; it has been deleted from the DNS server.

Fields

Name	Description
`param1`	—

Event ID 1073745844 — The DNS server is now starting to load zone {param1} in the background.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is now starting to load zone {param1} in the background. While the zone is being loaded all DNS updates and zone transfer requests will be refused.

Fields

Name	Description
`param1`	—

Event ID 1073745845 — The DNS server has completed background loading of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has completed background loading of zone {param1}. The zone is now available for updates and zone transfers if allowed by the zone's configuration. It took {param2} seconds to load the zone.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073746324 — The DNS Application Directory Partition {param1} was created.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS Application Directory Partition {param1} was created. The distinguished name of the root of this Directory Partition is {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073746325 — The DNS Application Directory Partition {param1} was deleted.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS Application Directory Partition {param1} was deleted. The distinguished name of the root of this Directory Partition was {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073746326 — The DNS added the local Active Directory to the replication scope of Application Directory Partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS added the local Active Directory to the replication scope of Application  Directory Partition {param1}. The distinguished name of the root of this Directory Partition is {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073746327 — The DNS removed the local Active Directory from the replication scope of Application Directory Partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS removed the local Active Directory from the replication scope of Application  Directory Partition {param1}. The distinguished name of the root of this Directory Partition is {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 1073746337 — The DNS server detected that it is not enlisted in the replication scope of the directory partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server detected that it is not enlisted in the replication scope of the directory partition {param1}. This prevents the zones that should be replicated to all DNS servers in the {param2} forest from replicating to this DNS server.  To create or repair the forest-wide DNS directory partition; open the the DNS  console. Right-click the applicable DNS server; and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information; see 'To create the default DNS application directory partitions' in Help and Support.  The error was {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073746338 — The DNS server detected that it is not enlisted in the replication scope of the directory partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server detected that it is not enlisted in the replication scope of the  directory partition {param1}. This prevents the zones that should be replicated to all DNS servers in the {param2} domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition; please see Help and Support.  To create or repair the domain-wide DNS directory partition; open the the DNS  console. Right-click the applicable DNS server; and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information; see 'To create the default DNS application directory partitions' in Help and Support.  The error was {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073746347 — The DNS server has detected that the application directory partition {param1} is replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the application directory partition {param1} is replicating onto this domain controller. DNS data will not be loaded from this new directory partition until initial replication has completed.

Fields

Name	Description
`param1`	—

Event ID 1073746348 — The DNS server has detected that the application directory partition {param1} has finished replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the application directory partition {param1} has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.

Fields

Name	Description
`param1`	—

Event ID 1073747324 — The DNS server received a bad DNS query from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a bad DNS query from {param1}.  The query was rejected or ignored. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747325 — The DNS server encountered a bad packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a bad packet from {param1}.  Packet processing leads beyond packet length. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747326 — The DNS server received a bad TCP-based DNS message from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a bad TCP-based DNS message from {param1}.  The packet was rejected or ignored. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747328 — The DNS server encountered an invalid domain name in a packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid domain name in a packet from {param1}. The packet will be rejected. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747329 — The DNS server encountered a domain name exceeding the maximum length in the packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a domain name exceeding the maximum length in the packet from {param1}. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747330 — The DNS server encountered an invalid domain name offset in a packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid domain name offset in a packet from {param1}. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747331 — The DNS server encountered a name offset exceeding the packet length from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a name offset exceeding the packet length from {param1}. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747332 — The DNS server encountered a packet name exceeding the maximum label count from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a packet name exceeding the maximum label count from {param1}. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747333 — The DNS server encountered an invalid DNS update message from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid DNS update message from {param1}.  The packet was rejected. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747334 — The DNS server encountered an invalid response message from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid response message from {param1}.  The packet was rejected. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747335 — The DNS server encountered a name with a label whose length exceeds the maximum of 63 bytes from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a name with a label whose length exceeds the maximum  of 63 bytes from {param1}. The event data contains the DNS packet.

Fields

Name	Description
`param1`	—

Event ID 1073747824 — The DNS server started transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server started transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073747825 — The DNS server successfully completed transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server successfully completed transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073747826 — The transfer of version {param1} of zone {param2} by the DNS server was aborted by the server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The transfer of version {param1} of zone {param2} by the DNS server was aborted by the server at {param3}. To restart the transfer of the zone; you must initiate transfer at the secondary server.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073748344 — Zone {param1} was updated to version {param2} of the zone as provided from the master server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone {param1} was updated to version {param2} of the zone as provided from the master server at {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073748345 — Zone {param1} is synchronized with version {param2} of the zone as provided from the master server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone {param1} is synchronized with version {param2} of the zone as provided from the master server at {param3}.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073748346 — A more recent version; version {param1} of zone {param2} was found at the DNS server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

A more recent version; version {param1} of zone {param2} was found at the DNS server at {param3}. Zone transfer is in progress.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147484057 — The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.  Use the DNS manager server properties; interfaces dialog; to verify and reset the IP addresses the DNS server should listen on.  For more information; see 'To restrict a DNS server to listen only on selected addresses' in the online Help.

Event ID 2147484059 — The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range {param1}.

Fields

Name	Description
`param1`	—

Event ID 2147484062 — The DNS server computer currently does not have a DNS domain name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server computer currently does not have a DNS domain name.  Its DNS name is a single-label host name with no domain (for example:  'host' rather than 'host.microsoft.com').  You might have forgotten to configure a primary DNS domain for the server computer.  Because the DNS server has only a single-label name; all zones created will have default records (SOA and NS) created using only this single-label name for the server's host name.  This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.  To correct this problem:   1) Click Start; and then click Control Panel.  2) Open System and Maintenance ; and then open System.   3) Click Change Settings; and then click Change.  4) Click either Domain or Workgroup; and then type the name of the domain or  workgroup you want the computer to join; the domain or workgroup name will be used as your DNS domain name.   5) When prompted; restart the computer. After the computer restarts; the DNS server will attempt to fix up default records; substituting the new DNS name of this server for the old single-label name.  However; you should review the zone's SOA and NS records to ensure that they now use the correct domain name of this server.

Event ID 2147484354 — The DNS server does not have a cache or other database entry for root name servers.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server does not have a cache or other database entry for root name servers. Either the root hints file; cache.dns; or Active Directory must have at least one name server (NS) resource record; indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise; the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem; use the DNS console to update the server root hints.  For more information; see the online Help.

Event ID 2147484850 — The DNS server encountered an unsupported 'directory' directive in the server boot file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unsupported 'directory' directive in the server boot file {param1} at line {param2}. All database files must be located in the '%SystemRoot%\system32\dns' directory. The directory directive is ignored.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147485168 — The DNS server encountered the unknown directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the unknown directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485169 — The DNS server encountered the unsupported directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the unsupported directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485170 — The DNS server encountered the obsolete directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the obsolete directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485171 — The DNS server encountered the directive '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the directive '{param1}' in file {param2} at line {param3}. The directive is not yet supported and was ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485173 — DNSSEC signatures with key tag {param1}; associated with records in zone {param2}; will expire on {param3} (UTC time).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNSSEC signatures with key tag {param1}; associated with records in zone {param2}; will expire on {param3} (UTC time). Once the signatures expire; name resolution will fail for resolvers that require validation  until new signatures are created.  To create new signatures; re-sign the zone.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485249 — DNS server encountered the obsolete record type {param1} in database file {param2}; line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNS server encountered the obsolete record type {param1} in database file {param2}; line {param3}. The record was ignored.  MD or MF record types are obsolete.  They should be converted to MX record type which has the format:   MX <preference value> <mail server domain name> Example: 	microsoft.com   MX 10 mai1.microsoft.com.  For more information; see the 'Resource records reference' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147486278 — The DNS server could not configure the network connections of this computer with the local computer's IP address as the preferred DNS server; becau...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not configure the network connections of this computer with the local computer's IP address as the preferred DNS server; because this computer is connected to networks with different or invalid DNS namespaces. Manual configuration of the local DNS server to perform name resolution on one or more of the namespaces is required before the preferred DNS servers of this computer should be modified.  If the network connections of this computer are not configured with the local computer's IP address as the preferred DNS server; this computer may not be able to dynamically register DC locator records in DNS. Absence of these records may prevent other Active Directory domain controllers and domain members from locating this domain controller.  User Action:  Ensure that DC locator DNS records enumerated in the file %SystemRoot%\system32\config\netlogon.dns are registered on the local DNS server. If these records are not registered in DNS: a) Add a delegation to this DNS server to parent DNS zone matching the name of the Active Directory domain OR b) Configure the local DNS server with appropriate root hints and forwarders (if necessary) and configure the network connections of this computer with the local computer's IP address as the preferred DNS server. Note that other computers using other DNS servers as their preferred or alternate DNS servers may not be able to locate this domain controller; unless the DNS infrastructure is properly configured.

Event ID 2147487661 — The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution; consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Event ID 2147487665 — The DNS server was unable to load or create the DnsAdmins group.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to load or create the DnsAdmins group. The most likely cause is that the Group Name has been changed. The DNS server will continue but for full functionality the DnsAdmins group should be repaired. The event data contains the error.

Event ID 2147487666 — The DNS server was unable to begin background loading of Active Directory-integrated zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to begin background loading of Active Directory-integrated zones. There may be a system resource problem. The DNS server service will now terminate. The event data contains the error.

Event ID 2147487667 — The DNS server attempted to load the Active Directory-integrated zone {param1} in the background but there was an error during load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server attempted to load the Active Directory-integrated zone {param1} in the background but there was an error during load. This zone will now be shut down. Correct the error and restart the DNS server service. The event data contains the error.

Fields

Name	Description
`param1`	—

Event ID 2147488048 — The DNS server is experiencing high SOA query load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server; however scheduled replication will not be affected.

Event ID 2147488158 — The DNS server was unable to connect to the domain naming FSMO {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to connect to the domain naming FSMO {param1}. No modifications to Directory Partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.

Fields

Name	Description
`param1`	—

Event ID 2147488160 — The DNS server was unable to create the built-in directory partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to create the built-in directory partition {param1}. The error was {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147488163 — The zone {param1} was previously loaded from the directory partition {param2} but another copy of the zone has been found in directory partition {p...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone {param1} was previously loaded from the directory partition {param2} but another copy of the zone has been found in directory partition {param3}. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.  If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case; no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.  If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.  To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions; please see Help and Support.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147488168 — The DNS server encountered error {param1} building the zone list from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered error {param1} building the zone list from Active Directory. The DNS server will sleep for {param2} seconds and try again. This can be caused by high Active Directory load and may be a transient condition.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147488169 — The DNS server encountered error {param1} attempting to load zone {param2} from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered error {param1} attempting to load zone {param2} from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147488170 — The DNS server has deleted all records for a corrupt DNS node from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was {param1}.

Fields

Name	Description
`param1`	—

Event ID 2147488699 — The DNS server is using a large amount of memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is using a large amount of memory.  The data is the current memory allocated.

Event ID 2147489651 — The DNS server received a request from {param1} for a UDP-based transfer of the entire zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a request from {param1} for a UDP-based transfer of the entire zone.  The request was ignored because full zone transfers must be made using TCP.

Fields

Name	Description
`param1`	—

Event ID 2147489652 — The DNS server received a zone transfer request from {param1} for a non-existent or non-authoritative zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server received a zone transfer request from {param1} for a non-existent or non-authoritative zone {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147490171 — Zone {param1} failed zone refresh check.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone {param1} failed zone refresh check.  Unable to connect to master DNS server at {param2} to receive zone transfer.  Check that the zone contains correct IP address for the master server or if network failure has occurred.  For more information; see 'To update the master server for a secondary zone' in the online Help.  If available; you can specify more than one master server in the list for this zone.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147490174 — Zone {param1} version {param2} is newer than version {param3} on DNS server at {param4}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone {param1} version {param2} is newer than version {param3} on DNS server at {param4}.  The zone was not updated. DNS servers supplying zones for transfer must have the most recent version of the zone; based on the primary zone.  If zone on remote server {param4}; is in fact the most recent version of the zone; do the following at that server:  (1) stop the DNS server;  (2) delete the zone file (not the zone itself) and  (3) restart the DNS server The DNS server will transfer the new version and write its zone file. When deleting the zone file at server {param4}; locate the file named {param1}.dns in the %SystemRoot%\System32\Dns directory and delete it. An alternative solution is to delete and recreate the secondary zone at server {param4}.  This could be preferred if this server hosts large zones and restarting it at this time would be a consuming or costly operation.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—

Event ID 2147490183 — The master DNS server at {param2} responded to IXFR (Incremental Zone Transfer) request for zone {param1} with an invalid (FORMAT ERROR) response.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The master DNS server at {param2} responded to IXFR (Incremental Zone Transfer) request for zone {param1} with an invalid (FORMAT ERROR) response.  DNS server performance and network bandwidth will both be improved by upgrading the DNS server at {param2} to a run as either a Windows 2000 or later Microsoft DNS server or another IXFR-compatible DNS server implementation.

Fields

Name	Description
`param2`	—
`param1`	—

Event ID 2147490708 — The DNS server could not connect to DNS server at {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not connect to DNS server at {param1}. The event data contains the error.

Fields

Name	Description
`param1`	—

Event ID 2147490710 — The DNS server encountered a packet addressed to itself on IP address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a packet addressed to itself on IP address {param1}. The packet is for the DNS name '{param2}'. The packet will be discarded. This condition usually indicates a configuration error.  Check the following areas for possible self-send configuration errors:   1) Forwarders list. (DNS servers should not forward to themselves).   2) Master lists of secondary zones.   3) Notify lists of primary zones.   4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.   5) Root hints.  Example of self-delegation:   -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.   -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com;   (bar.example.microsoft.com NS dns1.example.microsoft.com)   -> BUT the bar.example.microsoft.com zone is NOT on this server.  Note; you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly; but that the primary DNS for the subzone; has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server; then the self-send could result.  If found; the subzone DNS server admin should remove the offending NS record.  You can use the DNS server debug logging facility to track down the cause of this problem.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147491148 — The DNS server failed to process a packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server failed to process a packet from {param1}.  The packet was discarded.

Fields

Name	Description
`param1`	—

Event ID 2147491248 — The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for {param1} even though data for this DNS name exists in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail; but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation for information about this feature and instructions on how to configure it. Below is the current global query block list (this list may be truncated in this event if it is too long):{param2}

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 2147491264 — The TrustAnchors zone could not be loaded:{param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The TrustAnchors zone could not be loaded:{param1}

Fields

Name	Description
`param1`	—

Event ID 3221225482 — The DNS server could not start because it is dependent on the NTDS service which is not started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not start because it is dependent on the NTDS service which is not started.

Event ID 3221225583 — The DNS server could not create a thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a thread.  System may be out of resources. You might close applications not in use; restart the DNS server or reboot your computer.  The event data is the error code.

Event ID 3221225603 — The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse lookup zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse lookup zones.  The server will continue to run but will not attempt to perform WINS reverse lookups.  This may be due to an incorrect configuration.  If WINSR lookups are not required; remove WINSR records from zone data files and reload modified zones or restart the DNS server.  If the DNS server should support WINSR reverse lookup; restart the server computer and verify that the WINS/NetBT configuration for TCP/IP client properties on the computer are correctly set.

Event ID 3221225612 — The DNS server could not initialize the remote procedure call (RPC) service.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not initialize the remote procedure call (RPC) service. If it is not running; start the RPC service or reboot the computer. The event data is the error code.

Event ID 3221225622 — The DNS server could not load or initialize the plug-in DLL {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not load or initialize the plug-in DLL {param1}. The event data is the error code returned by the plug-in DLL load or initialization attempt. Please correct the plug-in error that is causing this condition or remove the plug-in from the DNS server configuration.

Fields

Name	Description
`param1`	—

Event ID 3221225875 — The DNS server could not create a Transmission Control Protocol (TCP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. The event data is the error code.

Event ID 3221225876 — The DNS server could not bind a Transmission Control Protocol (TCP) socket to address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not bind a Transmission Control Protocol (TCP) socket to address {param1}.  The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid 'any address' configuration in which all configured IP addresses on the computer are available for use. Restart the DNS server or reboot the computer.

Fields

Name	Description
`param1`	—

Event ID 3221225877 — The DNS server could not listen on Transmission Control Protocol (TCP) socket for address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not listen on Transmission Control Protocol (TCP) socket for address {param1}. The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid 'any address' configuration in which all configured IP addresses on the computer are available for use. Restart the DNS server or reboot the computer.

Fields

Name	Description
`param1`	—

Event ID 3221225878 — The DNS server could not create a User Datagram Protocol (UDP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a User Datagram Protocol (UDP) socket. The event data is the error code. Restart the DNS server or reboot your computer.

Event ID 3221225879 — The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}. The event data is the error code. Restart the DNS server or reboot your computer.

Fields

Name	Description
`param1`	—

Event ID 3221225880 — The DNS server could not open socket for address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not open socket for address {param1}. Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)  If this is a valid IP address for this machine; make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.  For more information; see 'DNS server log reference' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225882 — The DNS server list of restricted interfaces does not contain a valid IP address for the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server list of restricted interfaces does not contain a valid IP address for the server computer. The DNS server will use all IP interfaces on the machine.  Use the DNS manager server properties; interfaces dialog; to verify and reset the IP addresses the DNS server should listen on.  For more information; see 'To restrict a DNS server to listen only on selected addresses' in the online Help.

Event ID 3221225972 — The DNS server has detected that the zone {param1} has invalid or corrupted registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the zone {param1} has invalid or corrupted registry data.  To correct the problem; you can delete the applicable zone subkey; located under DNS server parameters in the registry. You can then recreate the zone using the DNS console.  For more information; see 'Tuning advanced server parameters' and 'Add and Remove Zones' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225973 — The DNS server has detected that the zone {param1} has a missing or corrupted zone type in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the zone {param1} has a missing or corrupted zone type in registry data.  To correct the problem; you can delete the applicable zone subkey; located under DNS server parameters in the registry.   You can then recreate the zone using the DNS console.  For more information; see 'Tuning advanced server parameters' and 'Add and Remove Zones' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225974 — The DNS server has detected that for the primary zone {param1} its has no zone file name stored in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that for the primary zone {param1} its has no zone file name stored in registry data.  You can either update the zone file name or delete the zone and recreate it using the DNS console.  To delete the applicable zone from the registry; locate its subkey under DNS server parameters in the registry.  You can then recreate the zone using the DNS console.  For more information; see 'To change a zone file name'; 'Tuning advanced server parameters' and 'Add and Remove Zones' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225975 — The DNS server has detected that the secondary zone {param1} has no master IP addresses in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has detected that the secondary zone {param1} has no master IP addresses in registry data.  Secondary zones require at least one master server to act as a source.  You can add or update the IP address for the master server for this zone using the DNS console.  For more information; see 'To update the master server for a secondary zone' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225976 — The DNS server could not create zone {param1} from registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create zone {param1} from registry data.  One or more of the zone registry key values could be corrupted or the zone file is missing. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information; see 'Configure zone properties' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225977 — The DNS server zone {param1} has invalid or corrupted registry data for {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server zone {param1} has invalid or corrupted registry data for {param2}. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information; see the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221225978 — The DNS server has invalid or corrupted registry parameter {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has invalid or corrupted registry parameter {param1}.  To correct the problem; you can delete the applicable registry value; located under DNS server parameters in the registry.  You can then recreate it using the DNS console.  For more information; see the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221225979 — The DNS server encountered invalid or corrupted forwarder parameters in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid or corrupted forwarder parameters in registry data.  To fix the forwarders: 	 - connect to or open this server in DNS Manager 	 - bring up server properties 	 - open 'Forwarders' tab 	 - reset forwarders information to desired values 	 - click OK  For more information; see the online Help.

Event ID 3221226179 — The DNS server is not root authoritative and no root hints were specified in the cache.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is not root authoritative and no root hints were specified in the cache.dns file. Where the server is not a root server; this file must specify root hints in the form of at least one name server (NS) resource record; indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise; the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem; use the DNS console to update the server root hints.  For more information; see the online Help.

Event ID 3221226472 — The DNS server could not open the file {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not open the file {param1}.  Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

Fields

Name	Description
`param1`	—

Event ID 3221226473 — The DNS server could not map file {param1} to memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not map file {param1} to memory.  Either close other applications that are not in use or reboot the computer to reclaim additional memory for the server to use.

Fields

Name	Description
`param1`	—

Event ID 3221226475 — The DNS server could not find or open the root hints file; Cache.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find or open the root hints file; Cache.dns; in the %SystemRoot%\System32\Dns directory.  Verify that this file is located in this directory and that it contains at least one name server (NS) resource record; indicating a root DNS server and a corresponding host (A) resource record for that server.  For more information; see the online Help.

Event ID 3221226476 — The DNS server could not find or open zone file {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find or open zone file {param1}.  in the %SystemRoot%\System32\Dns directory.  Verify that the zone file is located in this directory and that it contains valid data.

Fields

Name	Description
`param1`	—

Event ID 3221226480 — The DNS server was unable to create the path for file {param1} in directory {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to create the path for file {param1} in directory {param2}. The specified path is too long.  Choose a different path.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226672 — The DNS server could not find or open boot file {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find or open boot file {param1}.  This file should be called 'Boot' and be located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—

Event ID 3221226673 — The DNS server could not create zone {param1} specified in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create zone {param1} specified in file {param2} at line {param3}.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226675 — The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file {param1} at line {param2}.  Although the DNS server will continue running it will not be able to forward unresolved queries to the forwarders.  To correct the problem; in the DNS console select the server in the console tree; then from the Action menu; click Properties and click the Forwarders tab.  Add IP addresses for forwarders.  For more information; see 'Using forwarders' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226677 — The DNS server encountered an unknown boot option {param1} in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown boot option {param1} in file {param2} at line {param3}. The option is ignored.  You may want to remove it the option from the boot file which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226678 — DNS server encountered missing database directory name; in file {param1}; line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNS server encountered missing database directory name; in file {param1}; line {param2}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226973 — The DNS server could not parse zone file {param1} for zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse zone file {param1} for zone {param2}.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226974 — The DNS server could not parse the token '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse the token '{param1}' in zone file {param2} at line {param3}. Although the DNS server will continue to load; ignoring this token; it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226975 — The DNS server could not parse the zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse the zone file {param1} at line {param2}.  Although the DNS server continues to load; ignoring this line; it is recommended that you either correct the line or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226976 — The DNS server could not parse an unexpected token '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not parse an unexpected token '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this token; it is recommended that you either correct the token or remove the resource record from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226977 — The DNS server unexpected end of line; in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server unexpected end of line; in zone file {param1} at line {param2}.  To correct the problem; fix this line in the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226978 — The DNS server encountered invalid token '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid token '{param1}' in zone file {param2} at line {param3}. Although the DNS server continues to load; ignoring this token; it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226979 — The DNS server encountered invalid class token '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid class token '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct the class of the RR to use the Internet (IN) class or remove the resource record from the zone file. The DNS server supports only the Internet (IN) class in RRs.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226980 — The DNS server is ignoring an invalid resource record in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server is ignoring an invalid resource record in zone file {param1} at line {param2}. See the previously logged event for a description of the error. Although the DNS server continues to load; ignoring this RR; it is recommended that you investigate the error associated with this record and either correct it or remove it from the zone file.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221226996 — DNSSEC signatures with key tag {param1}; associated with records in zone {param2}; have expired.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNSSEC signatures with key tag {param1}; associated with records in  zone {param2}; have expired.  Name resolution will fail for resolvers that require validation until new signatures are created.  To create new signatures; re-sign the zone.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227012 — The DNS server unable to create domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server unable to create domain node.

Event ID 3221227013 — The DNS server encountered invalid domain name '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid domain name '{param1}' in zone file {param2} at line {param3}. Although the DNS server continues to load; ignoring this name; it is strongly recommended that you either correct the name or remove the resource record from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227014 — The DNS server encountered invalid domain name '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid domain name '{param1}'.

Fields

Name	Description
`param1`	—

Event ID 3221227015 — The DNS server encountered domain name '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered domain name '{param1}' exceeding maximum length. Although the DNS server continues to load; ignoring this name; it is recommended that you either correct the name or remove the resource record from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—

Event ID 3221227016 — The DNS server encountered an invalid '@' token '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid '@' token '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this token; it is recommended that you either correct the token or remove the resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227017 — The DNS server encountered a name outside of the specified zone in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a name outside of the specified zone in zone file {param1} at line {param2}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct the RR or remove it from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227018 — The DNS server encountered an invalid name server (NS) resource record in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid name server (NS) resource record in zone file {param1} at line {param2}.  The use of NS resource records (RR) must be at either the zone root node or be placed at at the sub-zone context within the zone for a domain being delegated away from this zone. Although the DNS server continues to load; ignoring this RR; it is recommended that you either correct the RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information; see 'Delegating zones' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227019 — The DNS server encountered an invalid host (A) resource record in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid host (A) resource record in zone file {param1} at line {param2}.  The use of A resource records (RRs) must be at a domain name within the zone; with the exception of glue A RRs which are used to resolve the host name specified in an NS RR also contained at the same domain node and used for a zone delegation.  Although the DNS server continues to load; ignoring this RR; it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information; see 'Delegating zones' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227072 — The DNS server encountered an unknown or unsupported resource record (RR) type {param1} in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown or unsupported resource record (RR) type {param1} in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this RR; it is recommended that you either correct the record type or remove this RR from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227074 — The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file {param1} at line {param2}. An SOA record is required in every zone files and must satify the following conditions:  1)  The SOA record must be the first record in the zone file.  2)  The SOA record must belong to the root of the zone ('@' in zone file).  3)  Only one SOA is allowed in the zone.  4)  SOA records are NOT valid in root-hints (cache.dns) file.  To correct the problem modify or repair the SOA RR in zone file {param1}; which can be found in the %SystemRoot%\System32\Dns directory. For more information; see the 'Resource records reference' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227082 — The DNS server encountered a resource record (RR) in the zone file {param1} at line {param2} for a domain name with an existing CNAME (alias) RR.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a resource record (RR) in the zone file {param1} at line {param2} for a domain name with an existing CNAME (alias) RR.  Where used; CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this RR; or the CNAME RR it conflicts with; needs to be deleted from zone file {param1}; which can be found in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227083 — The DNS server encountered a CNAME (alias) resource record (RR) in zone file {param1} at line {param2} for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a CNAME (alias) resource record (RR) in zone file {param1} at line {param2} for a domain name with existing RRs.  Where used; CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this CNAME RR; or the one it conflicts with; needs to be deleted from zone file {param1}; which can be found in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227084 — The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file {param1} at line {param2} that forms an alias loop with anot...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file {param1} at line {param2} that forms an alias loop with another alias RR in the zone.  One of the alias RRs forming the loop must be removed from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227085 — The DNS server encountered an invalid preference value '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid preference value '{param1}' in zone file {param2} at line {param3}.  The preference must be a valid 16-bit unsigned integer. To correct the problem; modify the preference field to a valid value. The zone file {param2} is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227086 — The DNS server encountered a token '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a token '{param1}' of the wrong format in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct this RR or remove it from zone file {param2}; located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227088 — The DNS server encountered a text string '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a text string '{param1}' in zone file {param2} at line {param3} that exceeds the maximum permissible length.  Although the DNS server continues to load; ignoring this resource record (RR); it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227089 — The DNS server encountered an invalid IP address '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid IP address '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227090 — The DNS server encountered an invalid IPv6 address '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid IPv6 address '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227091 — The DNS server could not find protocol '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find protocol '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this RR; it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227092 — The DNS server could not find the service '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not find the service '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}. Although the DNS server continues to load; ignoring this RR; it is recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227093 — The DNS server encountered the port '.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered the port '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}. This port exceeds the maximum port supported for the WKS RR.  Although the DNS server continues to load; ignoring this RR; it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227122 — The DNS server encountered invalid WINS record in file {param1}; line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered invalid WINS record in file {param1}; line {param2}.  WINS records are subject to the following conditions:   1) WINS record must be in forward lookup zone (not in in-addr.arpa domain).   2) Only one WINS record may be specified in a zone file.   3) WINS record must belong to the zone root (the WINS record name must be the origin of the zone).  If WINS lookup is desired for names in a sub-domain of the zone; then the sub-domain must be split into its own zone.   4) WINS record must specify at least one WINS server.  The format of a WINS record: WINS [LOCAL] [L<lookup timeout>] [C<cache timeout>] <WINS IP> [WINS IPs...]  Examples (zone root assumed to be current origin): @ IN       WINS LOCAL L1 C10 10.10.10.1 10.10.10.2 10.10.10.3 @ IN       WINS 10.10.10.1  For more information; see 'Using WINS lookup' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227123 — The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file {param1} at line {param2}.  WINSR records are subject to the following conditions:   1) WINSR record must be in reverse lookup zone (under in-addr.arpa domain).   2) Only one WINSR record may be specified in a zone file.   3) WINSR record must belong to the zone root (the WINS record name must be the origin of the zone).   4) WINSR record must specify at domain for the resulting name.  The format of a WINSR record: WINSR [LOCAL] [L<lookup timeout>] [C<cache timeout>] <result domain>  Examples (zone root assumed to be current origin): @ IN       WINSR LOCAL L1 C10 microsoft.com. @ IN       WINSR wins.microsoft.com.  For more information; see 'Using WINS lookup' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227126 — The DNS server encountered an unknown WINS-to-DNS mapping flag {param1} in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown WINS-to-DNS mapping flag {param1} in file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this flag; it is recommended that you either correct the associated resource record or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227128 — The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file {param1} ...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file {param1} at line {param2}.  This field is required for mapping names that are found in WINS reverse lookup to fully-qualfied DNS domain names.  It is appended to the NetBIOS computer names resolved by NetBIOS adapter status queries. Although the DNS server will continue to load; ignoring this RR; it is recommended that you either correct the WINSR RR or disable WINS reverse lookup and/or remove the RR from the zone file. The zone file is located in the %SystemRoot%\System32\Dns directory. For more information; see 'Using WINS lookup' in the online Help.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221227475 — The DNS server encountered an error writing current configuration back to boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error writing current configuration back to boot file. Verify that the current boot file contains all of the desired information. The Boot file is located in the %SystemRoot%\System32\Dns directory.

Event ID 3221227672 — The DNS server could not open a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not open a registry key.  Reinstall the DNS server if it was not able to be started.  If the DNS server started; but couldn't load a zone; reload the zone or restart the DNS server.

Event ID 3221227674 — The DNS server could not write a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not write a registry key.  The server disk could be full or corrupted or the maximum permissible size for the server registry has been reached.  The DNS server will not be able to save server or zone configuration parameters to in the registry unless the problem is fixed.

Event ID 3221227675 — The DNS server could not delete a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not delete a registry key.  The registry is likely corrupted.  The DNS server will not be able to save DNS server or zone configuration parameters in the registry unless the problem is fixed.

Event ID 3221227676 — The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\{param1} contains an invalid value or could not be read. The DNS server cannot start. You must change this value to valid data or delete it and then attempt to restart the DNS service.

Fields

Name	Description
`param1`	—

Event ID 3221228623 — The DNS server unable to write zone file {param1} for zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server unable to write zone file {param1} for zone {param2}.  Most likely the server disk is full.  Free some disk space and re-initiate zone write.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221228624 — The DNS server was unable to open file {param1} for write.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to open file {param1} for write.  Most likely the file is a zone file that is already open.  Close the zone file and re-initiate zone write.

Fields

Name	Description
`param1`	—

Event ID 3221228625 — The DNS server encountered an error writing to file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an error writing to file.  Most likely the server disk is full.  Free some disk space at the server and re-initiate zone write. The event data is the error code.

Event ID 3221228632 — The DNS server encountered an non-writeable or unknown resource record (RR) type when writing the zone database to file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an non-writeable or unknown resource record (RR) type when writing the zone database to file. The event data is applicable RR type.

Event ID 3221228634 — The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file. The event data is applicable the protocol number.

Event ID 3221228635 — While writing a well known service (WKS) record to the zone file; the DNS server encountered a port number that is not associated with a known serv...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

While writing a well known service (WKS) record to the zone file; the DNS server encountered a port number that is not associated with a known service. The event data is the port number of the unknown service.

Event ID 3221229472 — The DNS server was unable to open Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Event ID 3221229473 — The DNS server was unable to open zone {param1} in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to open zone {param1} in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields

Name	Description
`param1`	—

Event ID 3221229474 — The DNS server was unable to add zone {param1} to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to add zone {param1} to the Active Directory.  Check that the Active Directory is available.  Note that the zone will not be be added to and written to the directory unless you re-attempt adding the zone using the DNS console.  The event data contains the error. For more information see 'Add and Remove Zones' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221229475 — The DNS server was unable to delete zone {param1} in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to delete zone {param1} in the Active Directory.  Check that the Active Directory is functioning properly.  Note that this zone will not be removed from the directory unless you retry deleting of the zone using the DNS console. The event data contains the error. For more information see 'Add and Remove Zones' in the online Help.

Fields

Name	Description
`param1`	—

Event ID 3221229476 — The DNS server was unable to complete directory service enumeration of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to complete directory service enumeration of zone {param1}.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is '{param2}'. The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221229478 — The DNS server could not load the records for the DNS name {param1} found in the Active Directory integrated zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not load the records for the DNS name {param1} found in the Active Directory integrated zone {param2}. A possible cause is that this DNS name contains character(s) not permitted by the name-checking setting on this DNS server.  To allow these records to be loaded choose the appropriate name-checking  setting on the DNS server.  To delete these records from the Active Directory; first allow the DNS server to load them by changing the name-checking setting on this DNS server to allow all names. Then restart the DNS server service to cause the records to be loaded. The records will now appear in the DNS Manager and may be deleted. When the records have been deleted; restore the DNS server name-checking setting to the preferred value.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221229479 — The DNS server was unable to open zone {param1} in the Active Directory from the application directory partition {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to open zone {param1} in the Active Directory from the application directory partition {param2}. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221229482 — The DNS server was unable to create a resource record for {param1} in zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to create a resource record for  {param1} in zone {param2}. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221229483 — The DNS server was unable to add or write an update of domain name {param1} in zone {param2} to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to add or write an update of domain name {param1} in zone {param2} to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is '{param3}'. The event data contains the error.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221229484 — The DNS server timed out attempting to write resource records to the Active Directory at {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server timed out attempting to write resource records to the Active Directory at {param1}.  Check that the directory is functioning properly and add or update the records using the DNS console. The event data contains the error.

Fields

Name	Description
`param1`	—

Event ID 3221229486 — The DNS server was unable to initialize Active Directory security interfaces.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

Event ID 3221229487 — The DNS server has encountered a critical error from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is '{param1}'. The event data contains the error.

Fields

Name	Description
`param1`	—

Event ID 3221229488 — The DNS server timed out attempting an Active Directory service operation on {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server timed out attempting an Active Directory service operation on {param1}.  Check Active Directory to see that it is functioning properly. The event data contains the error.

Fields

Name	Description
`param1`	—

Event ID 3221229983 — The zone {param1} was not successfully saved to the new directory partition as {param2} due to an error deleting the zone from the old directory pa...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The zone {param1} was not successfully saved to the new directory partition as {param2} due to an error deleting the zone from the old directory partition as {param3}.  The DNS Server has attempted to undo the changes; but manual cleanup of the zone may be required. The event data contains the error code.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221230577 — The DNS server attempted to cache an CNAME (alias) resource record for the domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server attempted to cache an CNAME (alias) resource record for the domain node.  The operation failed; since the CNAME RR must be the only RR for its domain name.

Event ID 3221230578 — The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.  The CNAME RR is ignored; since it must be the only RR for its domain name.

Event ID 3221230579 — The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).  The record is ignored; since CNAME loops are not allowed.

Event ID 3221230580 — The DNS server created an CNAME (alias) loop loading CNAME at {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server created an CNAME (alias) loop loading CNAME at {param1}. One link in CNAME loop:  DNS name {param2} is an alias for CNAME {param3}. See adjoining messages for other links in the CNAME loop.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221231996 — Invalid response from master DNS server at {param2} during attempted zone transfer of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Invalid response from master DNS server at {param2} during attempted zone transfer of zone {param1}.  Check the DNS server at {param2} and ensure that it is authoritative for this zone.  This can be done by viewing or updating the list of authoritative servers for the zone.  When using the DNS console; select zone {param1} Properties at server {param2} and click the Name Servers tab.  If needed; you can add or update this server in the list there.  As an alternative solution; you could also modify settings in the Zone Transfer tab to allow transfer of the zone to this and other DNS servers.

Fields

Name	Description
`param2`	—
`param1`	—

Event ID 3221231997 — A zone transfer request for the secondary zone {param1} was refused by the master DNS server at {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

A zone transfer request for the secondary zone {param1} was refused by the master DNS server at {param2}. Check the zone at the master server {param2} to verify that zone transfer is enabled to this server.  To do so; use the DNS console; and select master server {param2} as the applicable server; then in secondary zone {param1} Properties; view the settings on the Zone Transfers tab.  Based on the settings you choose; make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221231999 — Zone {param1} expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Zone {param1} expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone has been shut down.

Fields

Name	Description
`param1`	—

Event ID 3221232002 — During transfer of zone {param1} from master at {param2}; the DNS server received a resource record (RR) for domain node {param3} at which an CNAME...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

During transfer of zone {param1} from master at {param2}; the DNS server received a resource record (RR) for domain node {param3} at which an CNAME (alias) RR was already received.  When used; the CNAME RR must be the only record for its domain name.  The CNAME RR for {param3} will be ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221232003 — During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} for...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} for which other records of that name were already received.  When used; the CNAME RR must be the only record for its domain name.  The CNAME RR for {param3} will be ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221232004 — During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} whi...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} which would form an CNAME loop if accepted and used.  The CNAME RR for {param3} is being ignored.

Fields

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221232005 — The DNS server could not create a zone transfer thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not create a zone transfer thread.  The system may be out of resources.  Close any applications not in use or reboot the computer to free memory. The event data contains the error.

Event ID 3221232006 — Failed transfer of zone {param1} from DNS server at {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Failed transfer of zone {param1} from DNS server at {param2}.  The DNS server at {param2} aborted or failed to complete transfer of the zone.  Check the DNS server at {param2} and ensure it is properly functioning and authoritative for zone {param1}.

Fields

Name	Description
`param1`	—
`param2`	—

Event ID 3221232008 — Invalid IXFR (Incremental Zone Transfer) response from master DNS server at {param2} during attempted incremental transfer of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

Invalid IXFR (Incremental Zone Transfer) response from master DNS server at {param2} during attempted incremental transfer of zone {param1}.  Check the DNS server at {param2}; and verify its is running as a Windows 2000 or later Microsoft DNS server or  another IXFR-compatible DNS server implementation.

Fields

Name	Description
`param2`	—
`param1`	—

Event ID 3221232174 — DNS server has updated its own host (A) records.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server; an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update; the record data is the error code.  If this DNS server does not have any DS-integrated peers; then this error should be ignored.  If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server; they will be unable to replicate with it.  To ensure proper replication: 1) Find this server's Active Directory replication partners that run the DNS server. 2) Open DnsManager and connect in turn to each of the replication partners. 3) On each server; check the host (A record) registration for THIS server. 4) Delete any A records that do NOT correspond to IP addresses of this server. 5) If there are no A records for this server; add at least one A record corresponding to an address on this server; that the replication partner can contact.  (In other words; if there multiple IP addresses for this DNS server; add at least one that is on the same network as the Active Directory DNS server you are updating.) 6) Note; that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

Event ID 3221232522 — The DNS server recv() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server recv() function failed. The event data contains the error.

Event ID 3221232523 — The DNS server recvfrom() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server recvfrom() function failed. The event data contains the error.

Event ID 3221232524 — The DNS server send() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server send() function failed. The event data contains the error.

Event ID 3221232525 — The DNS server sendto() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server sendto() function failed. The event data contains the error.

Event ID 3221232526 — The DNS server select() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server select() function failed. The event data contains the error.

Event ID 3221232527 — The DNS server accept() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server accept() function failed. The event data contains the error.

Event ID 3221232528 — The DNS server GetQueuedCompletionStatus() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server GetQueuedCompletionStatus() function failed. The event data contains the error.

Event ID 3221232974 — The DNS server was unable to service a client request due a shortage of available memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server was unable to service a client request due a shortage of available memory.  Close any applications not in use or reboot the computer to free memory.

Event ID 3221232975 — The DNS server could not allocate memory for resource record {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not allocate memory for resource record {param1}. Close any applications not in use or reboot the computer to free memory.

Fields

Name	Description
`param1`	—

Event ID 3221232976 — The DNS server could not allocate memory for the node of domain name {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message

The DNS server could not allocate memory for the node of domain name {param1}. Close any applications not in use or reboot the computer to free memory.

Fields

Name	Description
`param1`	—