Microsoft-Windows-DNS-Server-Service

497 events across 1 channel

Event ID	Title	Channel
2	The DNS server has started.	DNS Server
3	The DNS server has shut down.	DNS Server
4	The DNS server has finished the background loading and signing of zones.	DNS Server
10	The DNS server could not start because it is dependent on the NTDS service which …	DNS Server
11	The DNS server could not register dependency on serviceName service.	DNS Server
111	The DNS server could not create a thread.	DNS Server
131	DNS Server Zone Transfer	DNS Server
140	DNS Server Service Status	DNS Server
150	The DNS server could not load or initialize the plug-in DLL Name.	DNS Server
403	The DNS server could not create a Transmission Control Protocol (TCP) socket.	DNS Server
404	The DNS server could not bind a Transmission Control Protocol (TCP) socket to …	DNS Server
405	The DNS server could not listen on Transmission Control Protocol (TCP) socket …	DNS Server
406	The DNS server could not create a User Datagram Protocol (UDP) socket.	DNS Server
407	The DNS server could not bind a User Datagram Protocol (UDP) socket to Name.	DNS Server
408	The DNS server could not open socket for address Name.	DNS Server
409	The DNS server list of restricted interfaces contains IP addresses that are not …	DNS Server
410	The DNS server list of restricted interfaces does not contain a valid IP address …	DNS Server
411	The DNS server has bound one or more socket pool sockets to port numbers from …	DNS Server
414	The DNS server computer currently does not have a DNS domain name.	DNS Server
500	The DNS server has detected that the zone param1 has invalid or corrupted …	DNS Server
501	The DNS server has detected that the zone param1 has a missing or corrupted zone …	DNS Server
502	The DNS server has detected that for the primary zone param1 its has no zone …	DNS Server
503	The DNS server has detected that the secondary zone param1 has no master IP …	DNS Server
504	The DNS server could not create zone param1 from registry data.	DNS Server
505	The DNS server zone param1 has invalid or corrupted registry data for param2.	DNS Server
506	The DNS server has invalid or corrupted registry parameter param1.	DNS Server
507	The DNS server encountered invalid or corrupted forwarder parameters in registry …	DNS Server
706	The DNS server does not have a cache or other database entry for root name …	DNS Server
707	The DNS server is not root authoritative and no root hints were specified in the …	DNS Server
708	The DNS server did not detect any zones of either primary or secondary type …	DNS Server
709	The DNS server has moved the AD-integrated root hint data for all DNS servers in …	DNS Server
710	An administrator has changed the type and zone storage options of zone param1.	DNS Server
711	An administrator has changed the type and/or Active Directory location of zone …	DNS Server
712	An administrator has changed the zone storage options for zone param1.	DNS Server
713	An administrator has moved the zone param1 to a new location in Active …	DNS Server
768	The DNS server has loaded the scope param1 of zone param2 from file param3 on …	DNS Server
769	The DNS server has loaded the zone param1 from file param2 on server param3.	DNS Server
770	A DNS server plugin DLL has been loaded from location param1 on server param2.	DNS Server
771	The V1 plugin interface has been implemented in server level plugin DLL.	DNS Server
772	The V2 plugin interface has been implemented in server level plugin DLL.	DNS Server
773	The V3 plugin interface to select scopes of a zone has been implemented in …	DNS Server
774	The RecursionScope plugin interface to select scope of the DNS server has been …	DNS Server
775	The CacheScope plugin interface to select scope of the DNS cache has been …	DNS Server
776	The DNS server has started to unsign the zone param1 on server param2.	DNS Server
777	The DNS server encountered an error while unsigning the zone param1.	DNS Server
784	The key signing key with GUID param1 of zone param2 has moved to stage param3 of …	DNS Server
785	The zone signing key with GUID param1 of zone param2 has moved to stage param3 …	DNS Server
786	The DNS server is being started in authoritative-cache mode param1.	DNS Server
787	Negative caching has been disabled on the server param1.	DNS Server
788	The DNS server has loaded the scope param1 of server param2.	DNS Server
789	The DNS server has loaded the virtualization instance: VirtualizationID.	DNS Server
790	The EDNS option code param1 for scope transaction is invalid or conflicts with …	DNS Server
791	The ScopeOptionValue has been set to param1.	DNS Server
792	Failed to load server level policy Policy of server Server.	DNS Server
793	Failed to load zone level policy Policy of zone Zone on server Server.	DNS Server
794	Failed to load zone level policy Policy of zone Zone on server Server.	DNS Server
795	Failed to load server level policy Policy on server Server.	DNS Server
796	Failed to load the client subnet ClientSubnetRecord.	DNS Server
797	Failed to load a server level policy of server Server.	DNS Server
798	Failed to load a zone level policy of zone Zone on server Server.	DNS Server
799	Failed to load client subnets on server Server.	DNS Server
800	The zone param1 is configured to accept updates but the A record for the primary …	DNS Server
801	Failed to load Response Rate Limiting parameters on server Server.	DNS Server
802	Failed to enable Response Rate Limiting on server Server.	DNS Server
803	The EDNS option code param1 for the virtualization instance option is invalid or …	DNS Server
804	Failed to load virtualization instance: VirtualizationID.	DNS Server
805	Failed to read the virtualization instance from registry.	DNS Server
806	The VirtualizationInstanceOptionValue has been set to param1.	DNS Server
807	The DNS server received indication that scope param1 of zone param2 was deleted …	DNS Server
808	The V6 plugin interface has been implemented in server level plugin DLL.	DNS Server
809	The EDNS option code param1 for the DNS data tag is invalid or conflicts with …	DNS Server
817	The DataTagOptionValue has been set to param1.	DNS Server
818	The throttle plugin interface has been implemented in server level plugin DLL.	DNS Server
819	The CorrelationTagOptionValue has been set to param1.	DNS Server
820	The logging plugin interface has been implemented in server level plugin DLL.	DNS Server
821	The init query plugin interface has been implemented in server level plugin DLL.	DNS Server
822	Successfully started HTTP server for DNS-over-HTTPS (DoH) server.	DNS Server
823	The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and …	DNS Server
824	The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) …	DNS Server
825	The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server …	DNS Server
826	The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) …	DNS Server
827	The configuration for DNS-over-HTTPS (DoH) server are.	DNS Server
828	The DNS-over-HTTPS (DoH) server has shut down gracefully.	DNS Server
829	The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with …	DNS Server
1000	The DNS server could not open the file param1.	DNS Server
1001	The DNS server could not map file param1 to memory.	DNS Server
1003	DNS Server RPC Protocol Initialization	DNS Server
1004	The DNS server could not find or open zone file param1.	DNS Server
1008	The DNS server was unable to create the path for file param1 in directory …	DNS Server
1200	The DNS server could not find or open boot file param1.	DNS Server
1201	The DNS server could not create zone param1 specified in file param2 at line …	DNS Server
1202	The DNS server encountered an unsupported 'directory' directive in the server …	DNS Server
1203	The DNS server encountered a 'forwarders' directive in with no forwarding …	DNS Server
1205	The DNS server encountered an unknown boot option param1 in file param2 at line …	DNS Server
1206	DNS server encountered missing database directory name, in file param1, line …	DNS Server
1501	The DNS server could not parse zone file param1 for zone param2.	DNS Server
1502	The DNS server could not parse the token "param1" in zone file param2 at line …	DNS Server
1503	The DNS server could not parse the zone file param1 at line param2.	DNS Server
1504	The DNS server could not parse an unexpected token "param1" in zone file param2 …	DNS Server
1505	The DNS server unexpected end of line, in zone file param1 at line param2.	DNS Server
1506	The DNS server encountered invalid token "param1" in zone file param2 at line …	DNS Server
1507	The DNS server encountered invalid class token "param1" in zone file param2 at …	DNS Server
1508	The DNS server is ignoring an invalid resource record in zone file param1 at …	DNS Server
1520	The DNS server encountered the unknown directive 'param1' in file param2 at line …	DNS Server
1521	The DNS server encountered the unsupported directive 'param1' in file param2 at …	DNS Server
1522	The DNS server encountered the obsolete directive 'param1' in file param2 at …	DNS Server
1523	The DNS server encountered the directive 'param1' in file param2 at line param3.	DNS Server
1524	DNSSEC signatures with key tag param1, associated with records in zone param2, …	DNS Server
1525	DNSSEC signatures with key tag param1, associated with records in zone param2, …	DNS Server
1540	The DNS server unable to create domain node.	DNS Server
1541	The DNS server encountered invalid domain name "param1" in zone file param2 at …	DNS Server
1542	The DNS server encountered invalid domain name "param1".	DNS Server
1543	The DNS server encountered domain name "param1" exceeding maximum length.	DNS Server
1544	The DNS server encountered an invalid "@" token "param1" in zone file param2 at …	DNS Server
1545	The DNS server encountered a name outside of the specified zone in zone file …	DNS Server
1546	The DNS server encountered an invalid name server (NS) resource record in zone …	DNS Server
1547	The DNS server encountered an invalid host (A) resource record in zone file …	DNS Server
1600	The DNS server encountered an unknown or unsupported resource record (RR) type …	DNS Server
1601	DNS server encountered the obsolete record type param1 in database file param2, …	DNS Server
1602	The DNS server encountered an invalid SOA (Start Of Authority) resource record …	DNS Server
1610	The DNS server encountered a resource record (RR) in the zone file param1 at …	DNS Server
1611	The DNS server encountered a CNAME (alias) resource record (RR) in zone file …	DNS Server
1612	The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in …	DNS Server
1613	The DNS server encountered an invalid preference value "param1" in zone file …	DNS Server
1614	The DNS server encountered a token "param1" of the wrong format in zone file …	DNS Server
1616	The DNS server encountered a text string "param1" in zone file param2 at line …	DNS Server
1617	The DNS server encountered an invalid IP address "param1" in zone file param2 at …	DNS Server
1618	The DNS server encountered an invalid IPv6 address "param1" in zone file param2 …	DNS Server
1619	The DNS server could not find protocol "param1" specified for the well known …	DNS Server
1620	The DNS server could not find the service "param1" specified for the well known …	DNS Server
1621	The DNS server encountered the port "param1" specified for the well known …	DNS Server
1650	The DNS server encountered invalid WINS record in file param1, line param2.	DNS Server
1651	The DNS server encountered an invalid WINS reverse lookup (WINSR) resource …	DNS Server
1654	The DNS server encountered an unknown WINS-to-DNS mapping flag param1 in file …	DNS Server
1656	The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) …	DNS Server
2001	The DNS server is now booting from the registry or directory.	DNS Server
2002	The DNS server has written a new version of the boot file.	DNS Server
2003	The DNS server encountered an error writing current configuration back to boot …	DNS Server
2005	The DNS server has been reconfigured to boot from a boot file.	DNS Server
2200	The DNS server could not open a registry key.	DNS Server
2202	The DNS server could not write a registry key.	DNS Server
2203	The DNS server could not delete a registry key.	DNS Server
2204	The registry value …	DNS Server
2501	The DNS server has completed a scavenging cycle.	DNS Server
2502	The DNS server has completed a scavenging cycle but no nodes were visited.	DNS Server
2630	DNS Server Configuration	DNS Server
2631	The DNS server successfully autoconfigured.	DNS Server
3150	The DNS server wrote version param1 of zone param2 to file param3.	DNS Server
3151	The DNS server unable to write zone file param1 for zone param2.	DNS Server
3152	The DNS server was unable to open file param1 for write.	DNS Server
3153	The DNS server encountered an error writing to file.	DNS Server
3162	The DNS server encountered an unknown protocol writing a well known service …	DNS Server
3163	While writing a well known service (WKS) record to the zone file, the DNS server …	DNS Server
4000	The DNS server was unable to open Active Directory.	DNS Server
4001	The DNS server was unable to open zone param1 in the Active Directory.	DNS Server
4002	The DNS server was unable to add zone param1 to the Active Directory.	DNS Server
4003	The DNS server was unable to delete zone param1 in the Active Directory.	DNS Server
4004	The DNS server was unable to complete directory service enumeration of zone …	DNS Server
4005	The DNS server received indication that zone param1 was deleted from the Active …	DNS Server
4006	The DNS server could not load the records for the DNS name param1 found in the …	DNS Server
4007	The DNS server was unable to open zone param1 in the Active Directory from the …	DNS Server
4010	The DNS server was unable to create a resource record for param1 in zone param2.	DNS Server
4011	The DNS server was unable to add or write an update of domain name param1 in …	DNS Server
4012	The DNS server timed out attempting to write resource records to the Active …	DNS Server
4013	The DNS server is waiting for Active Directory Domain Services (AD DS) to signal …	DNS Server
4014	The DNS server was unable to initialize Active Directory security interfaces.	DNS Server
4015	The DNS server has encountered a critical error from the Active Directory.	DNS Server
4016	The DNS server timed out attempting an Active Directory service operation on …	DNS Server
4017	The DNS server was unable to load or create the DnsAdmins group.	DNS Server
4018	The DNS server was unable to begin background loading of Active …	DNS Server
4019	The DNS server attempted to load the Active Directory-integrated zone param1 in …	DNS Server
4020	The DNS server is now starting to load zone param1 in the background.	DNS Server
4021	The DNS server has completed background loading of zone param1.	DNS Server
4400	The DNS server is experiencing high SOA query load.	DNS Server
4401	The DNS server is experiencing high SOA query load.	DNS Server
4500	The DNS Application Directory Partition param1 was created.	DNS Server
4501	The DNS Application Directory Partition param1 was deleted.	DNS Server
4502	The DNS added the local Active Directory to the replication scope of Application …	DNS Server
4503	The DNS removed the local Active Directory from the replication scope of …	DNS Server
4510	The DNS server was unable to connect to the domain naming FSMO param1.	DNS Server
4511	The zone param1 was not successfully saved to the new directory partition as …	DNS Server
4512	The DNS server was unable to create the built-in directory partition param1.	DNS Server
4513	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
4514	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
4515	The zone param1 was previously loaded from the directory partition param2 but …	DNS Server
4520	The DNS server encountered error param1 building the zone list from Active …	DNS Server
4521	The DNS server encountered error param1 attempting to load zone param2 from …	DNS Server
4522	The DNS server has deleted all records for a corrupt DNS node from Active …	DNS Server
4523	The DNS server has detected that the application directory partition param1 is …	DNS Server
4524	The DNS server has detected that the application directory partition param1 has …	DNS Server
5051	The DNS server is using a large amount of memory.	DNS Server
5105	The DNS server attempted to cache an CNAME (alias) resource record for the …	DNS Server
5106	The DNS server attempted to cache an CNAME (alias) resource record (RR) for a …	DNS Server
5107	The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).	DNS Server
5108	The DNS server created an CNAME (alias) loop loading CNAME at param1.	DNS Server
5500	The DNS server received a bad DNS query from param1.	DNS Server
5501	The DNS server encountered a bad packet from param1.	DNS Server
5502	The DNS server received a bad TCP-based DNS message from param1.	DNS Server
5504	The DNS server encountered an invalid domain name in a packet from param1.	DNS Server
5505	The DNS server encountered a domain name exceeding the maximum length in the …	DNS Server
5506	The DNS server encountered an invalid domain name offset in a packet from …	DNS Server
5507	The DNS server encountered a name offset exceeding the packet length from …	DNS Server
5508	The DNS server encountered a packet name exceeding the maximum label count from …	DNS Server
5509	The DNS server encountered an invalid DNS update message from param1.	DNS Server
5510	The DNS server encountered an invalid response message from param1.	DNS Server
5511	The DNS server encountered a name with a label whose length exceeds the maximum …	DNS Server
6000	The DNS server started transfer of version param1 of zone param2 to the DNS …	DNS Server
6001	The DNS server successfully completed transfer of version param1 of zone param2 …	DNS Server
6002	The transfer of version param1 of zone param2 by the DNS server was aborted by …	DNS Server
6003	The DNS server received a request from param1 for a UDP-based transfer of the …	DNS Server
6004	The DNS server received a zone transfer request from param1 for a non-existent …	DNS Server
6520	Zone param1 was updated to version param2 of the zone as provided from the …	DNS Server
6521	Zone param1 is synchronized with version param2 of the zone as provided from the …	DNS Server
6522	A more recent version, version param1 of zone param2 was found at the DNS server …	DNS Server
6523	Zone param1 failed zone refresh check.	DNS Server
6524	Invalid response from master DNS server at param2 during attempted zone transfer …	DNS Server
6525	A zone transfer request for the secondary zone param1 was refused by the master …	DNS Server
6526	Zone param1 version param2 is newer than version param3 on DNS server at param4.	DNS Server
6527	Zone param1 expired before it could obtain a successful zone transfer or update …	DNS Server
6528	The scope param1 of zone param2 expired before it could obtain a successful zone …	DNS Server
6529	The operation for zone param1 is not complete.	DNS Server
6530	During transfer of zone param1 from master at param2, the DNS server received a …	DNS Server
6531	During transfer of zone param1 from master at param2, the DNS server received a …	DNS Server
6532	During transfer of zone param1 from master at param2, the DNS server received a …	DNS Server
6533	The DNS server could not create a zone transfer thread.	DNS Server
6534	Failed transfer of zone param1 from DNS server at param2.	DNS Server
6535	The master DNS server at param2 responded to IXFR (Incremental Zone Transfer) …	DNS Server
6536	Invalid IXFR (Incremental Zone Transfer) response from master DNS server at …	DNS Server
7050	The DNS server recv() function failed.	DNS Server
7051	The DNS server recvfrom() function failed.	DNS Server
7052	The DNS server send() function failed.	DNS Server
7053	The DNS server sendto() function failed.	DNS Server
7054	The DNS server select() function failed.	DNS Server
7055	The DNS server accept() function failed.	DNS Server
7056	The DNS server GetQueuedCompletionStatus() function failed.	DNS Server
7060	The DNS server could not connect to DNS server at param1.	DNS Server
7062	The DNS server encountered a packet addressed to itself on IP address param1.	DNS Server
7500	The DNS server failed to process a packet from param1.	DNS Server
7502	The DNS server was unable to service a client request due a shortage of …	DNS Server
7503	The DNS server could not allocate memory for resource record param1.	DNS Server
7504	The DNS server could not allocate memory for the node of domain name param1.	DNS Server
7600	The global query block list is a feature that prevents attacks on your network …	DNS Server
7616	The TrustAnchors zone could not be loaded:param1.	DNS Server
7632	The DNSSEC trust point param1 is available for DNSSEC validation.	DNS Server
7633	The DNSSEC trust point param1 is available for DNSSEC validation.	DNS Server
7634	The DNSSEC trust point param1 is not available for DNSSEC validation, because a …	DNS Server
7635	The DNSSEC trust point param1 will be deleted after param2 because it has no …	DNS Server
7636	The DNSSEC trust point param1 has been deleted because it has no valid or …	DNS Server
7637	The DS record with the key tag param2 at the trust point param1 will be replaced …	DNS Server
7638	The DNSKEY with the key tag param2 at the trust point param1 is now a valid …	DNS Server
7639	The trust anchor with the key tag param2 at the trust point param1 has been …	DNS Server
7640	The DNSKEY with the key tag param2 at the trust point param1 has been marked as …	DNS Server
7641	The DNSKEY with the key tag param2 at the trust point param1 will become a trust …	DNS Server
7642	The DS record with the key tag param2 at the trust point param1 does not …	DNS Server
7643	The param3 with the key tag param2 at the trust point param1 has been deleted.	DNS Server
7644	The active refresh query for the DNSKEY records at the trust point param1 has …	DNS Server
7645	The active refresh query for the DNSKEY records at the trust point param1 has …	DNS Server
7646	The zone param1 is now signed with DNSSEC.	DNS Server
7647	The zone param1 is no longer signed with DNSSEC.	DNS Server
7648	The DNS server has detected that it is no longer the Key Master for zone param1.	DNS Server
7649	The DNS server has successfully assumed Key Master responsibilities for zone …	DNS Server
7650	The DNS server has started signing the zone param1.	DNS Server
7652	The DNS server encountered an error while signing the zone param1.	DNS Server
7653	The DNS server has detected that zone signing parameters for zone param1 have …	DNS Server
7654	The DNS server was unable to sign zone data changed by dynamic update at node …	DNS Server
7655	The DNS server was unable to sign zone data changed by a scavenging update to …	DNS Server
7656	The DNS server was unable to sign zone changes replicated from another domain …	DNS Server
7657	The DNS server was unable to refresh signatures at node param1 in zone param2.	DNS Server
7658	The DNS server was unable to complete re-signing of the zone param1.	DNS Server
7659	The DNS server was unable to sign new DS records from the child zone at node …	DNS Server
7660	The DNS server was unable to validate new DS records from the child zone at node …	DNS Server
7661	The DNS server was unable to sign an administrative update at node param1 in …	DNS Server
7662	The DNS server will not be able to automatically refresh the DS record set at …	DNS Server
7663	The DNS server was unable to sign the zone param1 because it encountered an …	DNS Server
7664	The DNS server was unable to sign the zone param1 because it encountered an …	DNS Server
7665	The DNS server was unable to sign the zone param1 because it was unable to …	DNS Server
7666	The DNS server encountered an error signing zone param1 during load.	DNS Server
7667	Keys for the Signing Key Descriptor param1 in zone param2 will be rolled over in …	DNS Server
7668	Keys for the Signing Key Descriptor param1 in zone param2 will be rolled over in …	DNS Server
7669	Keys for the Signing Key Descriptor param1 in zone param2 are starting the …	DNS Server
7670	The rollover process for Signing Key Descriptor param1 in zone param2 is …	DNS Server
7671	There was an error rolling keys for Signing Key Descriptor param1 in zone …	DNS Server
7672	There was an error rolling keys for Signing Key Descriptor param1 in zone …	DNS Server
7673	Retired Signing Key Descriptor param1 in zone param2 has been removed.	DNS Server
7674	Zone param1 has been transferred to one or more secondary DNS servers.	DNS Server
7675	The DNS server has started signing the scope param1 of zone param2.	DNS Server
7676	The scope param1 of zone param2 is signed with DNSSEC.	DNS Server
7677	The DNS server encountered an error while signing the scope param1 of zone …	DNS Server
7678	The scope param1 of zone param2 is no longer signed with DNSSEC.	DNS Server
7679	The DNS server encountered an error while unsigning the scope param1 of zone …	DNS Server
7680	Failed to load scopes of zone param1.	DNS Server
7681	Failed to load scope param1 of zone param2.	DNS Server
7682	Failed to load scope param1 of zone param2.	DNS Server
7683	Failed to write data of scope param1 of zone param2 into file param3.	DNS Server
7684	The cache scope param1 was flushed.	DNS Server
7685	A scope param1 has been added to server param2.	DNS Server
7686	A scope param1 has been deleted from server param2.	DNS Server
7687	Failed to load scope param1 of server param2.	DNS Server
7688	The size of the cache on DNS server is approaching its configured limit of …	DNS Server
7689	The size of the cache on DNS server is approaching its configured limit of …	DNS Server
7690	The size of the cache on DNS server has been brought within its configured limit …	DNS Server
7691	DNS service started with less privileges as KDC is unavailable at the moment.	DNS Server
7692	The EDNS option code param1 for scope transaction during zone transfer is …	DNS Server
7693	The XfrScopeOptionValue has been set to Name.	DNS Server
7694	The DNS server encountered an error param1 while signing the zone param2.	DNS Server
1073741826	The DNS server has started.	DNS Server
1073741827	The DNS server has shut down.	DNS Server
1073741828	The DNS server has finished the background loading of zones.	DNS Server
1073742532	The DNS server did not detect any zones of either primary or secondary type …	DNS Server
1073742533	The DNS server has moved the AD-integrated root hint data for all DNS servers in …	DNS Server
1073742534	An administrator has changed the type and zone storage options of zone {param1}.	DNS Server
1073742535	An administrator has changed the type and/or Active Directory location of zone …	DNS Server
1073742536	An administrator has changed the zone storage options for zone {param1}.	DNS Server
1073742537	An administrator has moved the zone {param1} to a new location in Active …	DNS Server
1073742624	The zone {param1} is configured to accept updates but the A record for the …	DNS Server
1073743826	The DNS server has written a new version of the boot file.	DNS Server
1073743829	The DNS server has been reconfigured to boot from a boot file.	DNS Server
1073744325	The DNS server has completed a scavenging cycle: Visited Zones = {param1}; …	DNS Server
1073744326	The DNS server has completed a scavenging cycle but no nodes were visited.	DNS Server
1073744455	The DNS server successfully autoconfigured: {param1} {param2} {param3} {param4}.	DNS Server
1073744974	The DNS server wrote version {param1} of zone {param2} to file {param3}.	DNS Server
1073745829	The DNS server received indication that zone {param1} was deleted from the …	DNS Server
1073745844	The DNS server is now starting to load zone {param1} in the background.	DNS Server
1073745845	The DNS server has completed background loading of zone {param1}.	DNS Server
1073746324	The DNS Application Directory Partition {param1} was created.	DNS Server
1073746325	The DNS Application Directory Partition {param1} was deleted.	DNS Server
1073746326	The DNS added the local Active Directory to the replication scope of Application …	DNS Server
1073746327	The DNS removed the local Active Directory from the replication scope of …	DNS Server
1073746337	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
1073746338	The DNS server detected that it is not enlisted in the replication scope of the …	DNS Server
1073746347	The DNS server has detected that the application directory partition {param1} is …	DNS Server
1073746348	The DNS server has detected that the application directory partition {param1} …	DNS Server
1073747324	The DNS server received a bad DNS query from {param1}.	DNS Server
1073747325	The DNS server encountered a bad packet from {param1}.	DNS Server
1073747326	The DNS server received a bad TCP-based DNS message from {param1}.	DNS Server
1073747328	The DNS server encountered an invalid domain name in a packet from {param1}.	DNS Server
1073747329	The DNS server encountered a domain name exceeding the maximum length in the …	DNS Server
1073747330	The DNS server encountered an invalid domain name offset in a packet from …	DNS Server
1073747331	The DNS server encountered a name offset exceeding the packet length from …	DNS Server
1073747332	The DNS server encountered a packet name exceeding the maximum label count from …	DNS Server
1073747333	The DNS server encountered an invalid DNS update message from {param1}.	DNS Server
1073747334	The DNS server encountered an invalid response message from {param1}.	DNS Server
1073747335	The DNS server encountered a name with a label whose length exceeds the maximum …	DNS Server
1073747824	The DNS server started transfer of version {param1} of zone {param2} to the DNS …	DNS Server
1073747825	The DNS server successfully completed transfer of version {param1} of zone …	DNS Server
1073747826	The transfer of version {param1} of zone {param2} by the DNS server was aborted …	DNS Server
1073748344	Zone {param1} was updated to version {param2} of the zone as provided from the …	DNS Server
1073748345	Zone {param1} is synchronized with version {param2} of the zone as provided from …	DNS Server
1073748346	A more recent version; version {param1} of zone {param2} was found at the DNS …	DNS Server
2147484057	The DNS server list of restricted interfaces contains IP addresses that are not …	DNS Server
2147484059	The DNS server has bound one or more socket pool sockets to port numbers from …	DNS Server
2147484062	The DNS server computer currently does not have a DNS domain name.	DNS Server
2147484354	The DNS server does not have a cache or other database entry for root name …	DNS Server
2147484850	The DNS server encountered an unsupported 'directory' directive in the server …	DNS Server
2147485168	The DNS server encountered the unknown directive '{param1}' in file {param2} at …	DNS Server
2147485169	The DNS server encountered the unsupported directive '{param1}' in file {param2} …	DNS Server
2147485170	The DNS server encountered the obsolete directive '{param1}' in file {param2} at …	DNS Server
2147485171	The DNS server encountered the directive '{param1}' in file {param2} at line …	DNS Server
2147485173	DNSSEC signatures with key tag {param1}; associated with records in zone …	DNS Server
2147485249	DNS server encountered the obsolete record type {param1} in database file …	DNS Server
2147486278	The DNS server could not configure the network connections of this computer with …	DNS Server
2147487661	The DNS server is waiting for Active Directory Domain Services (AD DS) to signal …	DNS Server
2147487665	The DNS server was unable to load or create the DnsAdmins group.	DNS Server
2147487666	The DNS server was unable to begin background loading of Active …	DNS Server
2147487667	The DNS server attempted to load the Active Directory-integrated zone {param1} …	DNS Server
2147488048	The DNS server is experiencing high SOA query load.	DNS Server
2147488158	The DNS server was unable to connect to the domain naming FSMO {param1}.	DNS Server
2147488160	The DNS server was unable to create the built-in directory partition {param1}.	DNS Server
2147488163	The zone {param1} was previously loaded from the directory partition {param2} …	DNS Server
2147488168	The DNS server encountered error {param1} building the zone list from Active …	DNS Server
2147488169	The DNS server encountered error {param1} attempting to load zone {param2} from …	DNS Server
2147488170	The DNS server has deleted all records for a corrupt DNS node from Active …	DNS Server
2147488699	The DNS server is using a large amount of memory.	DNS Server
2147489651	The DNS server received a request from {param1} for a UDP-based transfer of the …	DNS Server
2147489652	The DNS server received a zone transfer request from {param1} for a non-existent …	DNS Server
2147490171	Zone {param1} failed zone refresh check.	DNS Server
2147490174	Zone {param1} version {param2} is newer than version {param3} on DNS server at …	DNS Server
2147490183	The master DNS server at {param2} responded to IXFR (Incremental Zone Transfer) …	DNS Server
2147490708	The DNS server could not connect to DNS server at {param1}.	DNS Server
2147490710	The DNS server encountered a packet addressed to itself on IP address {param1}.	DNS Server
2147491148	The DNS server failed to process a packet from {param1}.	DNS Server
2147491248	The global query block list is a feature that prevents attacks on your network …	DNS Server
2147491264	The TrustAnchors zone could not be loaded:{param1}.	DNS Server
3221225482	The DNS server could not start because it is dependent on the NTDS service which …	DNS Server
3221225583	The DNS server could not create a thread.	DNS Server
3221225603	The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse …	DNS Server
3221225612	The DNS server could not initialize the remote procedure call (RPC) service.	DNS Server
3221225622	The DNS server could not load or initialize the plug-in DLL {param1}.	DNS Server
3221225875	The DNS server could not create a Transmission Control Protocol (TCP) socket.	DNS Server
3221225876	The DNS server could not bind a Transmission Control Protocol (TCP) socket to …	DNS Server
3221225877	The DNS server could not listen on Transmission Control Protocol (TCP) socket …	DNS Server
3221225878	The DNS server could not create a User Datagram Protocol (UDP) socket.	DNS Server
3221225879	The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}.	DNS Server
3221225880	The DNS server could not open socket for address {param1}.	DNS Server
3221225882	The DNS server list of restricted interfaces does not contain a valid IP address …	DNS Server
3221225972	The DNS server has detected that the zone {param1} has invalid or corrupted …	DNS Server
3221225973	The DNS server has detected that the zone {param1} has a missing or corrupted …	DNS Server
3221225974	The DNS server has detected that for the primary zone {param1} its has no zone …	DNS Server
3221225975	The DNS server has detected that the secondary zone {param1} has no master IP …	DNS Server
3221225976	The DNS server could not create zone {param1} from registry data.	DNS Server
3221225977	The DNS server zone {param1} has invalid or corrupted registry data for …	DNS Server
3221225978	The DNS server has invalid or corrupted registry parameter {param1}.	DNS Server
3221225979	The DNS server encountered invalid or corrupted forwarder parameters in registry …	DNS Server
3221226179	The DNS server is not root authoritative and no root hints were specified in the …	DNS Server
3221226472	The DNS server could not open the file {param1}.	DNS Server
3221226473	The DNS server could not map file {param1} to memory.	DNS Server
3221226475	The DNS server could not find or open the root hints file; Cache.	DNS Server
3221226476	The DNS server could not find or open zone file {param1}.	DNS Server
3221226480	The DNS server was unable to create the path for file {param1} in directory …	DNS Server
3221226672	The DNS server could not find or open boot file {param1}.	DNS Server
3221226673	The DNS server could not create zone {param1} specified in file {param2} at line …	DNS Server
3221226675	The DNS server encountered a 'forwarders' directive in with no forwarding …	DNS Server
3221226677	The DNS server encountered an unknown boot option {param1} in file {param2} at …	DNS Server
3221226678	DNS server encountered missing database directory name; in file {param1}; line …	DNS Server
3221226973	The DNS server could not parse zone file {param1} for zone {param2}.	DNS Server
3221226974	The DNS server could not parse the token '{param1}' in zone file {param2} at …	DNS Server
3221226975	The DNS server could not parse the zone file {param1} at line {param2}.	DNS Server
3221226976	The DNS server could not parse an unexpected token '{param1}' in zone file …	DNS Server
3221226977	The DNS server unexpected end of line; in zone file {param1} at line {param2}.	DNS Server
3221226978	The DNS server encountered invalid token '{param1}' in zone file {param2} at …	DNS Server
3221226979	The DNS server encountered invalid class token '{param1}' in zone file {param2} …	DNS Server
3221226980	The DNS server is ignoring an invalid resource record in zone file {param1} at …	DNS Server
3221226996	DNSSEC signatures with key tag {param1}; associated with records in zone …	DNS Server
3221227012	The DNS server unable to create domain node.	DNS Server
3221227013	The DNS server encountered invalid domain name '{param1}' in zone file {param2} …	DNS Server
3221227014	The DNS server encountered invalid domain name '{param1}'.	DNS Server
3221227015	The DNS server encountered domain name '{param1}' exceeding maximum length.	DNS Server
3221227016	The DNS server encountered an invalid '@' token '{param1}' in zone file {param2} …	DNS Server
3221227017	The DNS server encountered a name outside of the specified zone in zone file …	DNS Server
3221227018	The DNS server encountered an invalid name server (NS) resource record in zone …	DNS Server
3221227019	The DNS server encountered an invalid host (A) resource record in zone file …	DNS Server
3221227072	The DNS server encountered an unknown or unsupported resource record (RR) type …	DNS Server
3221227074	The DNS server encountered an invalid SOA (Start Of Authority) resource record …	DNS Server
3221227082	The DNS server encountered a resource record (RR) in the zone file {param1} at …	DNS Server
3221227083	The DNS server encountered a CNAME (alias) resource record (RR) in zone file …	DNS Server
3221227084	The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in …	DNS Server
3221227085	The DNS server encountered an invalid preference value '{param1}' in zone file …	DNS Server
3221227086	The DNS server encountered a token '{param1}' of the wrong format in zone file …	DNS Server
3221227088	The DNS server encountered a text string '{param1}' in zone file {param2} at …	DNS Server
3221227089	The DNS server encountered an invalid IP address '{param1}' in zone file …	DNS Server
3221227090	The DNS server encountered an invalid IPv6 address '{param1}' in zone file …	DNS Server
3221227091	The DNS server could not find protocol '{param1}' specified for the well known …	DNS Server
3221227092	The DNS server could not find the service '{param1}' specified for the well …	DNS Server
3221227093	The DNS server encountered the port '{param1}' specified for the well known …	DNS Server
3221227122	The DNS server encountered invalid WINS record in file {param1}; line {param2}.	DNS Server
3221227123	The DNS server encountered an invalid WINS reverse lookup (WINSR) resource …	DNS Server
3221227126	The DNS server encountered an unknown WINS-to-DNS mapping flag {param1} in file …	DNS Server
3221227128	The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) …	DNS Server
3221227475	The DNS server encountered an error writing current configuration back to boot …	DNS Server
3221227672	The DNS server could not open a registry key.	DNS Server
3221227674	The DNS server could not write a registry key.	DNS Server
3221227675	The DNS server could not delete a registry key.	DNS Server
3221227676	The registry value …	DNS Server
3221228623	The DNS server unable to write zone file {param1} for zone {param2}.	DNS Server
3221228624	The DNS server was unable to open file {param1} for write.	DNS Server
3221228625	The DNS server encountered an error writing to file.	DNS Server
3221228632	The DNS server encountered an non-writeable or unknown resource record (RR) type …	DNS Server
3221228634	The DNS server encountered an unknown protocol writing a well known service …	DNS Server
3221228635	While writing a well known service (WKS) record to the zone file; the DNS server …	DNS Server
3221229472	The DNS server was unable to open Active Directory.	DNS Server
3221229473	The DNS server was unable to open zone {param1} in the Active Directory.	DNS Server
3221229474	The DNS server was unable to add zone {param1} to the Active Directory.	DNS Server
3221229475	The DNS server was unable to delete zone {param1} in the Active Directory.	DNS Server
3221229476	The DNS server was unable to complete directory service enumeration of zone …	DNS Server
3221229478	The DNS server could not load the records for the DNS name {param1} found in the …	DNS Server
3221229479	The DNS server was unable to open zone {param1} in the Active Directory from the …	DNS Server
3221229482	The DNS server was unable to create a resource record for {param1} in zone …	DNS Server
3221229483	The DNS server was unable to add or write an update of domain name {param1} in …	DNS Server
3221229484	The DNS server timed out attempting to write resource records to the Active …	DNS Server
3221229486	The DNS server was unable to initialize Active Directory security interfaces.	DNS Server
3221229487	The DNS server has encountered a critical error from the Active Directory.	DNS Server
3221229488	The DNS server timed out attempting an Active Directory service operation on …	DNS Server
3221229983	The zone {param1} was not successfully saved to the new directory partition as …	DNS Server
3221230577	The DNS server attempted to cache an CNAME (alias) resource record for the …	DNS Server
3221230578	The DNS server attempted to cache an CNAME (alias) resource record (RR) for a …	DNS Server
3221230579	The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).	DNS Server
3221230580	The DNS server created an CNAME (alias) loop loading CNAME at {param1}.	DNS Server
3221231996	Invalid response from master DNS server at {param2} during attempted zone …	DNS Server
3221231997	A zone transfer request for the secondary zone {param1} was refused by the …	DNS Server
3221231999	Zone {param1} expired before it could obtain a successful zone transfer or …	DNS Server
3221232002	During transfer of zone {param1} from master at {param2}; the DNS server …	DNS Server
3221232003	During transfer of zone {param1} from master at {param2}; the DNS server …	DNS Server
3221232004	During transfer of zone {param1} from master at {param2}; the DNS server …	DNS Server
3221232005	The DNS server could not create a zone transfer thread.	DNS Server
3221232006	Failed transfer of zone {param1} from DNS server at {param2}.	DNS Server
3221232008	Invalid IXFR (Incremental Zone Transfer) response from master DNS server at …	DNS Server
3221232174	DNS server has updated its own host (A) records.	DNS Server
3221232522	The DNS server recv() function failed.	DNS Server
3221232523	The DNS server recvfrom() function failed.	DNS Server
3221232524	The DNS server send() function failed.	DNS Server
3221232525	The DNS server sendto() function failed.	DNS Server
3221232526	The DNS server select() function failed.	DNS Server
3221232527	The DNS server accept() function failed.	DNS Server
3221232528	The DNS server GetQueuedCompletionStatus() function failed.	DNS Server
3221232974	The DNS server was unable to service a client request due a shortage of …	DNS Server
3221232975	The DNS server could not allocate memory for resource record {param1}.	DNS Server
3221232976	The DNS server could not allocate memory for the node of domain name {param1}.	DNS Server

Event ID 2 — The DNS server has started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server has started.

Message #

The DNS server has started.

Fields #

Name	Description
`Name`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 2,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854779904,
    "time_created": "2022-04-07T16:56:30.613142+00:00",
    "event_record_id": 30,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 2848
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_STARTUP_OK"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3 — The DNS server has shut down.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server has shut down.

Message #

The DNS server has shut down.

Fields #

Name	Description
`Name`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 3,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854779904,
    "time_created": "2022-04-07T08:38:25.939614+00:00",
    "event_record_id": 22,
    "correlation": {},
    "execution": {
      "process_id": 2780,
      "thread_id": 2212
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_SHUTDOWN"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4 — The DNS server has finished the background loading and signing of zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server has finished the background loading and signing of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.

Message #

The DNS server has finished the background loading and signing of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.

Fields #

Name	Description
`Name`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775824,
    "time_created": "2022-04-07T08:31:21.436717+00:00",
    "event_record_id": 21,
    "correlation": {},
    "execution": {
      "process_id": 2780,
      "thread_id": 4540
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_ZONE_LOAD_COMPLETE"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 10 — The DNS server could not start because it is dependent on the NTDS service which is not started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not start because it is dependent on the NTDS service which is not started.

Message #

The DNS server could not start because it is dependent on the NTDS service which is not started.

Event ID 11 — The DNS server could not register dependency on serviceName service.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not register dependency on serviceName service.

Message #

The DNS server could not register dependency on %1 service.

Fields #

Name	Description
`serviceName` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 111 — The DNS server could not create a thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a thread. System may be out of resources. You might close applications not in use, restart the DNS server or reboot your computer. The event data is the error code.

Message #

The DNS server could not create a thread.  System may be out of resources. You might close applications not in use, restart the DNS server or reboot your computer.  The event data is the error code.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 131 — DNS Server Zone Transfer

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse lookup zones.  The server will continue to run but will not attempt to perform WINS reverse lookups.  This may be due to an incorrect configuration.  If WINSR lookups are not required, remove WINSR records from zone data files and reload modified zones or restart the DNS server.  If the DNS server should support WINSR reverse lookup, restart the server computer and verify that the WINS/NetBT configuration for TCP/IP client properties on the computer are correctly set.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 140 — DNS Server Service Status

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code.

Message #

The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 150 — The DNS server could not load or initialize the plug-in DLL Name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Message #

The DNS server could not load or initialize the plug-in DLL %1. The event data is the error code returned by the plug-in DLL load or initialization attempt. Please correct the plug-in error that is causing this condition or remove the plug-in from the DNS server configuration.

Fields #

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 150,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854808576,
    "time_created": "2021-05-18T21:23:27.038306+00:00",
    "event_record_id": 11659,
    "correlation": {},
    "execution": {
      "process_id": 3880,
      "thread_id": 444
    },
    "channel": "DNS Server",
    "computer": "rootdc1.offsec.lan",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_PLUGIN_INIT_FAILED",
    "Data": {
      "Name": "param1",
      "Value": ".\\mimilib.dll"
    },
    "Binary": "fgAAAA=="
  },
  "message": ""
}

Detection Patterns #

Persistence: DLL

DNS-Server-Service Event ID 150: The DNS server could not load or initialize the plug-in DLL Name.OREvent ID 770: A DNS server plugin DLL has been loaded from location param1 on server param2.OREvent ID 771: The V1 plugin interface has been implemented in server level plugin DLL.

1 rule

Sigma

DNS Server Error Failed Loading the ServerLevelPluginDLL (source)

Florian Roth (Nextron Systems)

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 403 — The DNS server could not create a Transmission Control Protocol (TCP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. The event data is the error code.

Message #

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. The event data is the error code.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 404 — The DNS server could not bind a Transmission Control Protocol (TCP) socket to address Name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Message #

The DNS server could not bind a Transmission Control Protocol (TCP) socket to address %1. The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. 
Restart the DNS server or reboot the computer.

Fields #

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 404,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036855824384,
    "time_created": "2022-04-07T16:59:58.007502+00:00",
    "event_record_id": 34,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 4240
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_CANNOT_BIND_TCP_SOCKET",
    "Data": {
      "Name": "param1",
      "Value": "169.254.142.31"
    },
    "Binary": "QScAAA=="
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 405 — The DNS server could not listen on Transmission Control Protocol (TCP) socket for address param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not listen on Transmission Control Protocol (TCP) socket for address %1. The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid "any address" configuration in which all configured IP addresses on the computer are available for use. 
Restart the DNS server or reboot the computer.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 406 — The DNS server could not create a User Datagram Protocol (UDP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a User Datagram Protocol (UDP) socket. The event data is the error code. Restart the DNS server or reboot your computer.

Message #

The DNS server could not create a User Datagram Protocol (UDP) socket. The event data is the error code. Restart the DNS server or reboot your computer.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 407 — The DNS server could not bind a User Datagram Protocol (UDP) socket to Name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Description

The DNS server could not bind a User Datagram Protocol (UDP) socket to Name. The event data is the error code. Restart the DNS server or reboot your computer.

Message #

The DNS server could not bind a User Datagram Protocol (UDP) socket to %1. The event data is the error code. Restart the DNS server or reboot your computer.

Fields #

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 407,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036855824384,
    "time_created": "2022-04-07T16:59:58.007280+00:00",
    "event_record_id": 32,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 4240
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_CANNOT_BIND_UDP_SOCKET",
    "Data": {
      "Name": "param1",
      "Value": "169.254.142.31"
    },
    "Binary": "QScAAA=="
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 408 — The DNS server could not open socket for address Name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Description

The DNS server could not open socket for address Name.

Message #

The DNS server could not open socket for address %1. 
Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.) 
 
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port. 
 
For more information, see "DNS server log reference" in the online Help.

Fields #

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 408,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036855824384,
    "time_created": "2022-04-07T16:59:58.007504+00:00",
    "event_record_id": 35,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 4240
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_OPEN_SOCKET_FOR_ADDRESS",
    "Data": {
      "Name": "param1",
      "Value": "169.254.142.31"
    },
    "Binary": ""
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 409 — The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.

Message #

The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer. 
 
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on.  For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 410 — The DNS server list of restricted interfaces does not contain a valid IP address for the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server list of restricted interfaces does not contain a valid IP address for the server computer. The DNS server will use all IP interfaces on the machine.

Message #

The DNS server list of restricted interfaces does not contain a valid IP address for the server computer. The DNS server will use all IP interfaces on the machine. 
 
Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on.  For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 411 — The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range param1.

Message #

The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range %1.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 414 — The DNS server computer currently does not have a DNS domain name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server computer currently does not have a DNS domain name. Its DNS name is a single-label host name with no domain (for example: "host" rather than "host.microsoft.com").

Message #

The DNS server computer currently does not have a DNS domain name.  Its DNS name is a single-label host name with no domain (for example:  "host" rather than "host.microsoft.com"). 
 
You might have forgotten to configure a primary DNS domain for the server computer. 
 
Because the DNS server has only a single-label name, all zones created will have default records (SOA and NS) created using only this single-label name for the server's host name.  This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name. 
 
To correct this problem: 
  1) Click Start, and then click Control Panel.
  2) Open System and Maintenance , and then open System. 
  3) Click Change Settings, and then click Change.  4) Click either Domain or Workgroup, and then type the name of the domain or  workgroup you want the computer to join; the domain or workgroup name will be used as your DNS domain name. 
  5) When prompted, restart the computer.
 
After the computer restarts, the DNS server will attempt to fix up default records, substituting the new DNS name of this server for the old single-label name.  However, you should review the zone's SOA and NS records to ensure that they now use the correct domain name of this server.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 500 — The DNS server has detected that the zone param1 has invalid or corrupted registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the zone %1 has invalid or corrupted registry data.  To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the registry. You can then recreate the zone using the DNS console.  For more information, see "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 501 — The DNS server has detected that the zone param1 has a missing or corrupted zone type in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the zone %1 has a missing or corrupted zone type in registry data.  To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the registry.   You can then recreate the zone using the DNS console.  For more information, see "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 502 — The DNS server has detected that for the primary zone param1 its has no zone file name stored in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that for the primary zone %1 its has no zone file name stored in registry data.  You can either update the zone file name or delete the zone and recreate it using the DNS console.  To delete the applicable zone from the registry, locate its subkey under DNS server parameters in the registry.  You can then recreate the zone using the DNS console.  For more information, see "To change a zone file name", "Tuning advanced server parameters" and "Add and Remove Zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 503 — The DNS server has detected that the secondary zone param1 has no master IP addresses in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the secondary zone %1 has no master IP addresses in registry data.  Secondary zones require at least one master server to act as a source.  You can add or update the IP address for the master server for this zone using the DNS console.  For more information, see "To update the master server for a secondary zone" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 504 — The DNS server could not create zone param1 from registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not create zone %1 from registry data.  One or more of the zone registry key values could be corrupted or the zone file is missing. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information, see "Configure zone properties" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 505 — The DNS server zone param1 has invalid or corrupted registry data for param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server zone %1 has invalid or corrupted registry data for %2. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information, see the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 506 — The DNS server has invalid or corrupted registry parameter param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has invalid or corrupted registry parameter %1.  To correct the problem, you can delete the applicable registry value, located under DNS server parameters in the registry.  You can then recreate it using the DNS console.  For more information, see the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 507 — The DNS server encountered invalid or corrupted forwarder parameters in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered invalid or corrupted forwarder parameters in registry data.

Message #

The DNS server encountered invalid or corrupted forwarder parameters in registry data. 
 
To fix the forwarders: 
	 - connect to or open this server in DNS Manager 
	 - bring up server properties 
	 - open "Forwarders" tab 
	 - reset forwarders information to desired values 
	 - click OK 
 
For more information, see the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 706 — The DNS server does not have a cache or other database entry for root name servers.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server does not have a cache or other database entry for root name servers.

Message #

The DNS server does not have a cache or other database entry for root name servers. 
Either the root hints file, cache.dns, or Active Directory must have at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise, the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem, use the DNS console to update the server root hints.  For more information, see the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 707 — The DNS server is not root authoritative and no root hints were specified in the cache.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server is not root authoritative and no root hints were specified in the cache.dns file.

Message #

The DNS server is not root authoritative and no root hints were specified in the cache.dns file. 
Where the server is not a root server, this file must specify root hints in the form of at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise, the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem, use the DNS console to update the server root hints.  For more information, see the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 708 — The DNS server did not detect any zones of either primary or secondary type during initialization.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Message #

The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication. For more information, see the online Help.

Fields #

Name	Description
`Name`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 708,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854779904,
    "time_created": "2022-04-07T16:56:30.583997+00:00",
    "event_record_id": 29,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 2848
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_CACHING_SERVER_ONLY",
    "Binary": ""
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 709 — The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the param1 directory partition.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the param1 directory partition.

Message #

The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the %1 directory partition.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 710 — An administrator has changed the type and zone storage options of zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has changed the type and zone storage options of zone param1. The zone is now type param2. The zone will be stored in the zone file param3.

Message #

An administrator has changed the type and zone storage options of zone %1. The zone is now type %2. The zone will be stored in the zone file %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 711 — An administrator has changed the type and/or Active Directory location of zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has changed the type and/or Active Directory location of zone param1. The zone is now type param2. The zone will be stored in Active Directory at param3.

Message #

An administrator has changed the type and/or Active Directory location of zone %1. The zone is now type %2. The zone will be stored in Active Directory at %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 712 — An administrator has changed the zone storage options for zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has changed the zone storage options for zone param1. The zone will now be stored in the zone file param2. [virtualization instance: param3].

Message #

An administrator has changed the zone storage options for zone %1. The zone will now be stored in the zone file %2. [virtualization instance: %3].

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 713 — An administrator has moved the zone param1 to a new location in Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has moved the zone param1 to a new location in Active Directory. The zone will be stored in Active Directory at param2.

Message #

An administrator has moved the zone %1 to a new location in Active Directory. The zone will be stored in Active Directory at %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 768 — The DNS server has loaded the scope param1 of zone param2 from file param3 on server param4.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has loaded the scope param1 of zone param2 from file param3 on server param4. [virtualization instance: VirtualizationID].

Message #

The DNS server has loaded the scope %1 of zone %2 from file %3 on server %4. [virtualization instance: %5].

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`param4` AnsiString	—
`VirtualizationID` UnicodeString	—

Event ID 769 — The DNS server has loaded the zone param1 from file param2 on server param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server has loaded the zone param1 from file param2 on server param3. [virtualization instance: VirtualizationID].

Message #

The DNS server has loaded the zone %1 from file %2 on server %3. [virtualization instance: %4].

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` AnsiString	—
`VirtualizationID` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 769,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775824,
    "time_created": "2022-04-07T08:31:20.801344+00:00",
    "event_record_id": 19,
    "correlation": {},
    "execution": {
      "process_id": 2780,
      "thread_id": 2212
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "param1": "lab.local",
    "param2": "NULL",
    "param3": "WIN-FPV0DSIC9O6.lab.local",
    "VirtualizationID": "."
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 770 — A DNS server plugin DLL has been loaded from location param1 on server param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

A DNS server plugin DLL has been loaded from location param1 on server param2.

Message #

A DNS server plugin DLL has been loaded from location %1 on server %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` AnsiString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 770,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854808576,
    "time_created": "2021-05-18T21:33:49.548066+00:00",
    "event_record_id": 11684,
    "correlation": {},
    "execution": {
      "process_id": 180,
      "thread_id": 4116
    },
    "channel": "DNS Server",
    "computer": "rootdc1.offsec.lan",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "param1": "C:\\TOOLS\\Mimikatz-fev-2020\\mimilib.dll",
    "param2": "rootdc1.offsec.lan"
  },
  "message": ""
}

Detection Patterns #

Persistence: DLL

1 rule

Sigma

DNS Server Error Failed Loading the ServerLevelPluginDLL (source)

Florian Roth (Nextron Systems)

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 771 — The V1 plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The V1 plugin interface has been implemented in server level plugin DLL.

Message #

The V1 plugin interface has been implemented in server level plugin DLL.

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 771,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854808576,
    "time_created": "2021-05-18T21:33:49.548062+00:00",
    "event_record_id": 11683,
    "correlation": {},
    "execution": {
      "process_id": 180,
      "thread_id": 4116
    },
    "channel": "DNS Server",
    "computer": "rootdc1.offsec.lan",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {},
  "message": ""
}

Detection Patterns #

Persistence: DLL

1 rule

Sigma

DNS Server Error Failed Loading the ServerLevelPluginDLL (source)

Florian Roth (Nextron Systems)

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 772 — The V2 plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The V2 plugin interface has been implemented in server level plugin DLL.

Message #

The V2 plugin interface has been implemented in server level plugin DLL.

Event ID 773 — The V3 plugin interface to select scopes of a zone has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The V3 plugin interface to select scopes of a zone has been implemented in server level plugin DLL.

Message #

The V3 plugin interface to select scopes of a zone has been implemented in server level plugin DLL.

Event ID 774 — The RecursionScope plugin interface to select scope of the DNS server has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The RecursionScope plugin interface to select scope of the DNS server has been implemented in server level plugin DLL.

Message #

The RecursionScope plugin interface to select scope of the DNS server has been implemented in server level plugin DLL.

Event ID 775 — The CacheScope plugin interface to select scope of the DNS cache has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The CacheScope plugin interface to select scope of the DNS cache has been implemented in server level plugin DLL.

Message #

The CacheScope plugin interface to select scope of the DNS cache has been implemented in server level plugin DLL.

Event ID 776 — The DNS server has started to unsign the zone param1 on server param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has started to unsign the zone param1 on server param2.

Message #

The DNS server has started to unsign the zone %1 on server %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` AnsiString	—

Event ID 777 — The DNS server encountered an error while unsigning the zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an error while unsigning the zone param1. The error code encountered during unsigning was param2.

Message #

The DNS server encountered an error while unsigning the zone %1. The error code encountered during unsigning was %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UInt32	—

Event ID 784 — The key signing key with GUID param1 of zone param2 has moved to stage param3 of rollover.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The key signing key with GUID param1 of zone param2 has moved to stage param3 of rollover.

Message #

The key signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—

Event ID 785 — The zone signing key with GUID param1 of zone param2 has moved to stage param3 of rollover.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The zone signing key with GUID param1 of zone param2 has moved to stage param3 of rollover.

Message #

The zone signing key with GUID %1 of zone %2 has moved to stage %3 of rollover.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—

Event ID 786 — The DNS server is being started in authoritative-cache mode param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is being started in authoritative-cache mode %1. In this mode the records will be kept in cache for as long as %2 minutes and the responses from cache will be sent with same authority as that of the original response that led to their caching on this server.

Fields #

Name	Description
`param1` UInt32	—
`param2` UInt32	—

Event ID 787 — Negative caching has been disabled on the server param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Negative caching has been disabled on the server param1.

Message #

Negative caching has been disabled on the server %1.

Fields #

Name	Description
`param1` AnsiString	—

Event ID 788 — The DNS server has loaded the scope param1 of server param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has loaded the scope param1 of server param2.

Message #

The DNS server has loaded the scope %1 of server %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` AnsiString	—

Event ID 789 — The DNS server has loaded the virtualization instance: VirtualizationID.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has loaded the virtualization instance: VirtualizationID.

Message #

The DNS server has loaded the virtualization instance: %1.

Fields #

Name	Description
`VirtualizationID` UnicodeString	—

Event ID 790 — The EDNS option code param1 for scope transaction is invalid or conflicts with the configuration of another EDNS option.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The EDNS option code param1 for scope transaction is invalid or conflicts with the configuration of another EDNS option. The default value i.e. param2 will be used.

Message #

The EDNS option code %1 for scope transaction is invalid or conflicts with the configuration of another EDNS option. The default value i.e. %2 will be used.

Fields #

Name	Description
`param1` UInt64	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 791 — The ScopeOptionValue has been set to param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The ScopeOptionValue has been set to param1. This option ID will be used to pass the scope information to forwarders via an OPT RR.

Message #

The ScopeOptionValue has been set to %1.  This option ID will be used to pass the scope information to forwarders via an OPT RR.

Fields #

Name	Description
`param1` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 792 — Failed to load server level policy Policy of server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load server level policy Policy of server Server.

Message #

Failed to load server level policy %1 of server %2.

Fields #

Name	Description
`Policy` UnicodeString	—
`Server` AnsiString	—

Event ID 793 — Failed to load zone level policy Policy of zone Zone on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load zone level policy Policy of zone Zone on server Server.

Message #

Failed to load zone level policy %1 of zone %3 on server %2.

Fields #

Name	Description
`Policy` UnicodeString	—
`Server` AnsiString	—
`Zone` UnicodeString	—

Event ID 794 — Failed to load zone level policy Policy of zone Zone on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load zone level policy Policy of zone Zone on server Server. The scope Scope used by policy is absent on the zone. Please configure the scope and recreate the policy.

Message #

Failed to load zone level policy %1 of zone %3 on server %2. The scope %4 used by policy is absent on the zone. Please configure the scope and recreate the policy.

Fields #

Name	Description
`Policy` UnicodeString	—
`Server` AnsiString	—
`Zone` UnicodeString	—
`Scope` UnicodeString	—

Event ID 795 — Failed to load server level policy Policy on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load server level policy Policy on server Server. The scope Scope used by policy is absent on the server. Please configure the scope and recreate the policy.

Message #

Failed to load server level policy %1 on server %2. The scope %3 used by policy is absent on the server. Please configure the scope and recreate the policy.

Fields #

Name	Description
`Policy` UnicodeString	—
`Server` AnsiString	—
`Scope` UnicodeString	—

Event ID 796 — Failed to load the client subnet ClientSubnetRecord.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load the client subnet ClientSubnetRecord.

Message #

Failed to load the client subnet %1.

Fields #

Name	Description
`ClientSubnetRecord` UnicodeString	—

Event ID 797 — Failed to load a server level policy of server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load a server level policy of server Server. An error was encountered while trying to access the registry.

Message #

Failed to load a server level policy of server %1. An error was encountered while trying to access the registry.

Fields #

Name	Description
`Server` AnsiString	—

Event ID 798 — Failed to load a zone level policy of zone Zone on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load a zone level policy of zone Zone on server Server. An error was encountered while trying to access the registry.

Message #

Failed to load a zone level policy of zone %2 on server %1. An error was encountered while trying to access the registry.

Fields #

Name	Description
`Server` AnsiString	—
`Zone` UnicodeString	—

Event ID 799 — Failed to load client subnets on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load client subnets on server Server. An error was encountered while trying to access the registry.

Message #

Failed to load client subnets on server %1. An error was encountered while trying to access the registry.

Fields #

Name	Description
`Server` AnsiString	—

Event ID 800 — The zone param1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The zone %1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot  be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 801 — Failed to load Response Rate Limiting parameters on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load Response Rate Limiting parameters on server Server. An error was encountered while trying to access the registry.

Message #

Failed to load Response Rate Limiting parameters on server %1. An error was encountered while trying to access the registry.

Fields #

Name	Description
`Server` AnsiString	—

Event ID 802 — Failed to enable Response Rate Limiting on server Server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to enable Response Rate Limiting on server Server.

Message #

Failed to enable Response Rate Limiting on server %1.

Fields #

Name	Description
`Server` AnsiString	—

Event ID 803 — The EDNS option code param1 for the virtualization instance option is invalid or conflicts with the configuration of another EDNS option.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The EDNS option code param1 for the virtualization instance option is invalid or conflicts with the configuration of another EDNS option. The default value i.e. param2 will be used.

Message #

The EDNS option code %1 for the virtualization instance option is invalid or conflicts with the configuration of another EDNS option. The default value i.e. %2 will be used.

Fields #

Name	Description
`param1` UInt64	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 804 — Failed to load virtualization instance: VirtualizationID.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load virtualization instance: VirtualizationID. None of the zones in this virtualization instance will be loaded.

Message #

Failed to load virtualization instance: %1. None of the zones in this virtualization instance will be loaded.

Fields #

Name	Description
`VirtualizationID` UnicodeString	—

Event ID 805 — Failed to read the virtualization instance from registry.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to read the virtualization instance from registry.

Message #

Failed to read the virtualization instance from registry.

Event ID 806 — The VirtualizationInstanceOptionValue has been set to param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The VirtualizationInstanceOptionValue has been set to param1. This option ID will be used to identify the virtualization instance on the DNS server.

Message #

The VirtualizationInstanceOptionValue has been set to %1. This option ID will be used to identify the virtualization instance on the DNS server.

Fields #

Name	Description
`param1` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 807 — The DNS server received indication that scope param1 of zone param2 was deleted from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received indication that scope param1 of zone param2 was deleted from the Active Directory. Since this scope was an Active Directory integrated scope, it has been deleted from the DNS server.

Message #

The DNS server received indication that scope %1 of zone %2 was deleted from the Active Directory.  Since this scope was an Active Directory integrated scope, it has been deleted from the DNS server.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 808 — The V6 plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The V6 plugin interface has been implemented in server level plugin DLL.

Message #

The V6 plugin interface has been implemented in server level plugin DLL.

Event ID 809 — The EDNS option code param1 for the DNS data tag is invalid or conflicts with the configuration of another EDNS option.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The EDNS option code param1 for the DNS data tag is invalid or conflicts with the configuration of another EDNS option. The default value i.e. param2 will be used.

Message #

The EDNS option code %1 for the DNS data tag is invalid or conflicts with the configuration of another EDNS option. The default value i.e. %2 will be used.

Fields #

Name	Description
`param1` UInt64	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 817 — The DataTagOptionValue has been set to param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DataTagOptionValue has been set to param1. This option ID will be used to store and transmit an opaque 8 byte DNS data tag associated with a DNS node.

Message #

The DataTagOptionValue has been set to %1. This option ID will be used to store and transmit an opaque 8 byte DNS data tag associated with a DNS node.

Fields #

Name	Description
`param1` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 818 — The throttle plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The throttle plugin interface has been implemented in server level plugin DLL.

Message #

The throttle plugin interface has been implemented in server level plugin DLL.

Event ID 819 — The CorrelationTagOptionValue has been set to param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The CorrelationTagOptionValue has been set to param1. This option will be included in detailed tracing query and response events.

Message #

The CorrelationTagOptionValue has been set to %1.  This option will be included in detailed tracing query and response events.

Fields #

Name	Description
`param1` UInt64	—

Event ID 820 — The logging plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The logging plugin interface has been implemented in server level plugin DLL.

Message #

The logging plugin interface has been implemented in server level plugin DLL.

Event ID 821 — The init query plugin interface has been implemented in server level plugin DLL.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The init query plugin interface has been implemented in server level plugin DLL.

Message #

The init query plugin interface has been implemented in server level plugin DLL.

Event ID 822 — Successfully started HTTP server for DNS-over-HTTPS (DoH) server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Successfully started HTTP server for DNS-over-HTTPS (DoH) server. The DoH server is listening on following URL(s).

Message #

Successfully started HTTP server for DNS-over-HTTPS (DoH) server. The DoH server is listening on following URL(s):
%1

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 823 — The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and failed with error code param1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and failed with error code param1lu.

Message #

The DNS server could not initialize the HTTP server for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 824 — The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) and failed with error code param1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) and failed with error code param1lu.

Message #

The DNS server could not create the HTTP server session for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 825 — The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server and failed with error code param1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server and failed with error code param1lu.

Message #

The DNS server could not register the URL for the DNS-over-HTTPS (DoH) server and failed with error code %1lu.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 826 — The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) and failed with error code param1lu.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) and failed with error code param1lu.

Message #

The DNS server could not create the HTTP request queue for DNS-over-HTTPS (DoH) and failed with error code %1lu.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 827 — The configuration for DNS-over-HTTPS (DoH) server are.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The configuration for DNS-over-HTTPS (DoH) server are.

Message #

The configuration for DNS-over-HTTPS (DoH) server are:
%1

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 828 — The DNS-over-HTTPS (DoH) server has shut down gracefully.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS-over-HTTPS (DoH) server has shut down gracefully.

Message #

The DNS-over-HTTPS (DoH) server has shut down gracefully.

Event ID 829 — The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with error code errorCode.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with error code errorCode.

Message #

The DNS-over-HTTPS (DoH) server has shut down due to an error and failed with error code %1.

Fields #

Name	Description
`errorCode` UnicodeString	—

Event ID 1000 — The DNS server could not open the file param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not open the file param1. Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

Message #

The DNS server could not open the file %1.  Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1001 — The DNS server could not map file param1 to memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not map file param1 to memory. Either close other applications that are not in use or reboot the computer to reclaim additional memory for the server to use.

Message #

The DNS server could not map file %1 to memory.  Either close other applications that are not in use or reboot the computer to reclaim additional memory for the server to use.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1003 — DNS Server RPC Protocol Initialization

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not find or open the root hints file, Cache.dns, in the %SystemRoot%\System32\Dns directory.  Verify that this file is located in this directory and that it contains at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that server.  For more information, see the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1004 — The DNS server could not find or open zone file param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not find or open zone file param1. in the %SystemRoot%\System32\Dns directory. Verify that the zone file is located in this directory and that it contains valid data.

Message #

The DNS server could not find or open zone file %1.  in the %SystemRoot%\System32\Dns directory.  Verify that the zone file is located in this directory and that it contains valid data.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1008 — The DNS server was unable to create the path for file param1 in directory param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to create the path for file param1 in directory param2. The specified path is too long. Choose a different path.

Message #

The DNS server was unable to create the path for file %1 in directory %2. The specified path is too long.  Choose a different path.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1200 — The DNS server could not find or open boot file param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not find or open boot file param1. This file should be called 'Boot' and be located in the %SystemRoot%\System32\Dns directory.

Message #

The DNS server could not find or open boot file %1.  This file should be called 'Boot' and be located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1201 — The DNS server could not create zone param1 specified in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create zone param1 specified in file param2 at line param3. Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Message #

The DNS server could not create zone %1 specified in file %2 at line %3.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1202 — The DNS server encountered an unsupported 'directory' directive in the server boot file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an unsupported 'directory' directive in the server boot file param1 at line param2.

Message #

The DNS server encountered an unsupported 'directory' directive in the server boot file %1 at line %2. 
All database files must be located in the "%SystemRoot%\system32\dns" directory. The directory directive is ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1203 — The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file %1 at line %2.  Although the DNS server will continue running it will not be able to forward unresolved queries to the forwarders.  To correct the problem, in the DNS console select the server in the console tree, then from the Action menu, click Properties and click the Forwarders tab.  Add IP addresses for forwarders.  For more information, see "Using forwarders" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1205 — The DNS server encountered an unknown boot option param1 in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unknown boot option %1 in file %2 at line %3. The option is ignored.  You may want to remove it the option from the boot file which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1206 — DNS server encountered missing database directory name, in file param1, line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

DNS server encountered missing database directory name, in file param1, line param2.

Message #

DNS server encountered missing database directory name, in file %1, line %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1501 — The DNS server could not parse zone file param1 for zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not parse zone file param1 for zone param2. Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Message #

The DNS server could not parse zone file %1 for zone %2.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1502 — The DNS server could not parse the token "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not parse the token "%1" in zone file %2 at line %3. Although the DNS server will continue to load, ignoring this token, it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1503 — The DNS server could not parse the zone file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not parse the zone file %1 at line %2.  Although the DNS server continues to load, ignoring this line, it is recommended that you either correct the line or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1504 — The DNS server could not parse an unexpected token "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not parse an unexpected token "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this token, it is recommended that you either correct the token or remove the resource record from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1505 — The DNS server unexpected end of line, in zone file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server unexpected end of line, in zone file param1 at line param2. To correct the problem, fix this line in the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Message #

The DNS server unexpected end of line, in zone file %1 at line %2.  To correct the problem, fix this line in the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1506 — The DNS server encountered invalid token "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid token "%1" in zone file %2 at line %3. Although the DNS server continues to load, ignoring this token, it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1507 — The DNS server encountered invalid class token "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid class token "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct the class of the RR to use the Internet (IN) class or remove the resource record from the zone file. The DNS server supports only the Internet (IN) class in RRs.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1508 — The DNS server is ignoring an invalid resource record in zone file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server is ignoring an invalid resource record in zone file param1 at line param2.

Message #

The DNS server is ignoring an invalid resource record in zone file %1 at line %2. 
See the previously logged event for a description of the error. 
Although the DNS server continues to load, ignoring this RR, it is recommended that you investigate the error associated with this record and either correct it or remove it from the zone file.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1520 — The DNS server encountered the unknown directive 'param1' in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the unknown directive 'param1' in file param2 at line param3. The directive was ignored.

Message #

The DNS server encountered the unknown directive '%1' in file %2 at line %3. The directive was ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1521 — The DNS server encountered the unsupported directive 'param1' in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the unsupported directive 'param1' in file param2 at line param3. The directive was ignored.

Message #

The DNS server encountered the unsupported directive '%1' in file %2 at line %3. The directive was ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1522 — The DNS server encountered the obsolete directive 'param1' in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the obsolete directive 'param1' in file param2 at line param3. The directive was ignored.

Message #

The DNS server encountered the obsolete directive '%1' in file %2 at line %3. The directive was ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1523 — The DNS server encountered the directive 'param1' in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the directive 'param1' in file param2 at line param3. The directive is not yet supported and was ignored.

Message #

The DNS server encountered the directive '%1' in file %2 at line %3. The directive is not yet supported and was ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1524 — DNSSEC signatures with key tag param1, associated with records in zone param2, have expired.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

DNSSEC signatures with key tag %1, associated with records in  zone %2, have expired.  Name resolution will fail for resolvers that require validation until new signatures are created.  To create new signatures, re-sign the zone.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1525 — DNSSEC signatures with key tag param1, associated with records in zone param2, will expire on param3 (UTC time).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

DNSSEC signatures with key tag %1, associated with records in zone %2, will expire on %3 (UTC time). Once the signatures expire, name resolution will fail for resolvers that require validation  until new signatures are created.  To create new signatures, re-sign the zone.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1540 — The DNS server unable to create domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server unable to create domain node.

Message #

The DNS server unable to create domain node.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1541 — The DNS server encountered invalid domain name "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid domain name "%1" in zone file %2 at line %3. Although the DNS server continues to load, ignoring this name, it is strongly recommended that you either correct the name or remove the resource record from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1542 — The DNS server encountered invalid domain name "param1".

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered invalid domain name "param1".

Message #

The DNS server encountered invalid domain name "%1".

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1543 — The DNS server encountered domain name "param1" exceeding maximum length.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered domain name "%1" exceeding maximum length. Although the DNS server continues to load, ignoring this name, it is recommended that you either correct the name or remove the resource record from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1544 — The DNS server encountered an invalid "@" token "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid "@" token "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this token, it is recommended that you either correct the token or remove the resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1545 — The DNS server encountered a name outside of the specified zone in zone file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a name outside of the specified zone in zone file %1 at line %2.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct the RR or remove it from the zone file, which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1546 — The DNS server encountered an invalid name server (NS) resource record in zone file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid name server (NS) resource record in zone file %1 at line %2.  The use of NS resource records (RR) must be at either the zone root node or be placed at at the sub-zone context within the zone for a domain being delegated away from this zone. Although the DNS server continues to load, ignoring this RR, it is recommended that you either correct the RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information, see "Delegating zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1547 — The DNS server encountered an invalid host (A) resource record in zone file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid host (A) resource record in zone file %1 at line %2.  The use of A resource records (RRs) must be at a domain name within the zone, with the exception of glue A RRs which are used to resolve the host name specified in an NS RR also contained at the same domain node and used for a zone delegation.  Although the DNS server continues to load, ignoring this RR, it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information, see "Delegating zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1600 — The DNS server encountered an unknown or unsupported resource record (RR) type param1 in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unknown or unsupported resource record (RR) type %1 in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this RR, it is recommended that you either correct the record type or remove this RR from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1601 — DNS server encountered the obsolete record type param1 in database file param2, line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

DNS server encountered the obsolete record type param1 in database file param2, line param3.

Message #

DNS server encountered the obsolete record type %1 in database file %2, line %3. 
The record was ignored. 
 
MD or MF record types are obsolete.  They should be converted to MX record type which has the format:   MX <preference value> <mail server domain name> 
Example: 
	microsoft.com   MX 10 mai1.microsoft.com. 
 
For more information, see the "Resource records reference" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1602 — The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file param1 at line param2.

Message #

The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file %1 at line %2. 
An SOA record is required in every zone files and must satify the following conditions: 
 1)  The SOA record must be the first record in the zone file. 
 2)  The SOA record must belong to the root of the zone ("@" in zone file). 
 3)  Only one SOA is allowed in the zone. 
 4)  SOA records are NOT valid in root-hints (cache.dns) file. 
 
To correct the problem modify or repair the SOA RR in zone file %1, which can be found in the %SystemRoot%\System32\Dns directory. For more information, see the "Resource records reference" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1610 — The DNS server encountered a resource record (RR) in the zone file param1 at line param2 for a domain name with an existing CNAME (alias) RR.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a resource record (RR) in the zone file %1 at line %2 for a domain name with an existing CNAME (alias) RR.  Where used, CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this RR, or the CNAME RR it conflicts with, needs to be deleted from zone file %1, which can be found in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1611 — The DNS server encountered a CNAME (alias) resource record (RR) in zone file param1 at line param2 for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a CNAME (alias) resource record (RR) in zone file %1 at line %2 for a domain name with existing RRs.  Where used, CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this CNAME RR, or the one it conflicts with, needs to be deleted from zone file %1, which can be found in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1612 — The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file param1 at line param2 that forms an alias loop with another alias RR...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file %1 at line %2 that forms an alias loop with another alias RR in the zone.  One of the alias RRs forming the loop must be removed from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1613 — The DNS server encountered an invalid preference value "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid preference value "%1" in zone file %2 at line %3.  The preference must be a valid 16-bit unsigned integer. To correct the problem, modify the preference field to a valid value. The zone file %2 is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1614 — The DNS server encountered a token "param1" of the wrong format in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a token "%1" of the wrong format in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct this RR or remove it from zone file %2, located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1616 — The DNS server encountered a text string "param1" in zone file param2 at line param3 that exceeds the maximum permissible length.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a text string "%1" in zone file %2 at line %3 that exceeds the maximum permissible length.  Although the DNS server continues to load, ignoring this resource record (RR), it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1617 — The DNS server encountered an invalid IP address "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid IP address "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1618 — The DNS server encountered an invalid IPv6 address "param1" in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid IPv6 address "%1" in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this resource record (RR), it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1619 — The DNS server could not find protocol "param1" specified for the well known service (WKS) resource record (RR) in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not find protocol "%1" specified for the well known service (WKS) resource record (RR) in zone file %2 at line %3.  Although the DNS server continues to load, ignoring this RR, it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1620 — The DNS server could not find the service "param1" specified for the well known service (WKS) resource record (RR) in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not find the service "%1" specified for the well known service (WKS) resource record (RR) in zone file %2 at line %3. Although the DNS server continues to load, ignoring this RR, it is recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1621 — The DNS server encountered the port "param1" specified for the well known service (WKS) resource record (RR) in zone file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered the port "%1" specified for the well known service (WKS) resource record (RR) in zone file %2 at line %3. This port exceeds the maximum port supported for the WKS RR.  Although the DNS server continues to load, ignoring this RR, it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1650 — The DNS server encountered invalid WINS record in file param1, line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered invalid WINS record in file param1, line param2.

Message #

The DNS server encountered invalid WINS record in file %1, line %2. 
 
WINS records are subject to the following conditions: 
  1) WINS record must be in forward lookup zone (not in in-addr.arpa domain). 
  2) Only one WINS record may be specified in a zone file. 
  3) WINS record must belong to the zone root (the WINS record name must be the origin of the zone).  If WINS lookup is desired for names in a sub-domain of the zone, then the sub-domain must be split into its own zone. 
  4) WINS record must specify at least one WINS server. 
 
The format of a WINS record: 
WINS [LOCAL] [L<lookup timeout>] [C<cache timeout>] <WINS IP> [WINS IPs...] 
 
Examples (zone root assumed to be current origin): 
@ IN       WINS LOCAL L1 C10 10.10.10.1 10.10.10.2 10.10.10.3 
@ IN       WINS 10.10.10.1 
 
For more information, see "Using WINS lookup" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1651 — The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file param1 at line param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file param1 at line param2.

Message #

The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file %1 at line %2. 
 
WINSR records are subject to the following conditions: 
  1) WINSR record must be in reverse lookup zone (under in-addr.arpa domain). 
  2) Only one WINSR record may be specified in a zone file. 
  3) WINSR record must belong to the zone root (the WINS record name must be the origin of the zone). 
  4) WINSR record must specify at domain for the resulting name. 
 
The format of a WINSR record: 
WINSR [LOCAL] [L<lookup timeout>] [C<cache timeout>] <result domain> 
 
Examples (zone root assumed to be current origin): 
@ IN       WINSR LOCAL L1 C10 microsoft.com. 
@ IN       WINSR wins.microsoft.com. 
 
For more information, see "Using WINS lookup" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1654 — The DNS server encountered an unknown WINS-to-DNS mapping flag param1 in file param2 at line param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unknown WINS-to-DNS mapping flag %1 in file %2 at line %3.  Although the DNS server continues to load, ignoring this flag, it is recommended that you either correct the associated resource record or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 1656 — The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file param1 at lin...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file %1 at line %2.  This field is required for mapping names that are found in WINS reverse lookup to fully-qualified DNS domain names.  It is appended to the NetBIOS computer names resolved by NetBIOS adapter status queries. Although the DNS server will continue to load, ignoring this RR, it is recommended that you either correct the WINSR RR or disable WINS reverse lookup and/or remove the RR from the zone file. The zone file is located in the %SystemRoot%\System32\Dns directory. For more information, see "Using WINS lookup" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2001 — The DNS server is now booting from the registry or directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is now booting from the registry or directory. The existing server boot file will no longer be read by the DNS server at startup. For any new zones that you add or for changes you make to zone information, you must make them using the DNS console. 
The previous DNS server boot file has been moved to the %SystemRoot%\System32\Dns\backup directory. 
To return to using a boot file, use the DNS console and reconfigure the boot method for the server.  For more information, see "To change the boot method used by the DNS server" in the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2002 — The DNS server has written a new version of the boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has written a new version of the boot file.  Either new zones or changes to existing zone information were made through the DNS console that required the DNS server to update the information in this file.  A copy of the previous boot file has been moved to the %SystemRoot%\System32\Dns\backup directory.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2003 — The DNS server encountered an error writing current configuration back to boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an error writing current configuration back to boot file. Verify that the current boot file contains all of the desired information. The Boot file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2005 — The DNS server has been reconfigured to boot from a boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has been reconfigured to boot from a boot file. Current server and zone configuration information has been written to this file.

Message #

The DNS server has been reconfigured to boot from a boot file.  Current server and zone configuration information has been written to this file. 
To return to booting from the registry or Active Directory, use the DNS console and reconfigure the boot method for the server.  For more information, see "To change the boot method used by the DNS server" in the online Help.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2200 — The DNS server could not open a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not open a registry key. Reinstall the DNS server if it was not able to be started. If the DNS server started, but couldn't load a zone, reload the zone or restart the DNS server.

Message #

The DNS server could not open a registry key.  Reinstall the DNS server if it was not able to be started.  If the DNS server started, but couldn't load a zone, reload the zone or restart the DNS server.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2202 — The DNS server could not write a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not write a registry key.  The server disk could be full or corrupted or the maximum permissible size for the server registry has been reached.  The DNS server will not be able to save server or zone configuration parameters to in the registry unless the problem is fixed.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2203 — The DNS server could not delete a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not delete a registry key.  The registry is likely corrupted.  The DNS server will not be able to save DNS server or zone configuration parameters in the registry unless the problem is fixed.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2204 — The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\%1 contains an invalid value or could not be read. The DNS server cannot start. You must change this value to valid data or delete it and then attempt to restart the DNS service.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2501 — The DNS server has completed a scavenging cycle.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has completed a scavenging cycle.

Message #

The DNS server has completed a scavenging cycle: 
Visited Zones     = %1, 
Visited Nodes     = %2, 
Scavenged Nodes   = %3, 
Scavenged Records = %4. 
 
This cycle took %5 seconds. 
 
The next scavenging cycle is scheduled to run in %6 hours. 
 
The event data will contain the error code if there was an error during the scavenging cycle.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`param4` UnicodeString	—
`param5` UnicodeString	—
`param6` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2502 — The DNS server has completed a scavenging cycle but no nodes were visited.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include.

Message #

The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include: 
 
  1) No zones are configured for scavenging by this server. 
  2) A scavenging cycle was performed within the last %1 minutes. 
  3) An error occurred during scavenging. 
 
The next scavenging cycle is scheduled to run in %2 hours. 
 
The event data will contain the error code if there was an error during the scavenging cycle.

Fields #

Name	Description
`Name`	—
`param1` UnicodeString	—
`param2` UnicodeString	—
`Binary`	—
`__binLength` UInt32	—
`binary` Binary	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 2502,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854792192,
    "time_created": "2026-03-13T20:16:07.477086+00:00",
    "event_record_id": 150,
    "correlation": {},
    "execution": {
      "process_id": 3936,
      "thread_id": 8044
    },
    "channel": "DNS Server",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_AGING_SCAVENGING_END_NO_WORK",
    "param1": "30",
    "param2": "168",
    "Binary": ""
  },
  "message": ""
}

Event ID 2630 — DNS Server Configuration

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not configure the network connections of this computer with the local computer's IP address as the preferred DNS server, because this computer is connected to networks with different or invalid DNS namespaces. Manual configuration of the local DNS server to perform name resolution on one or more of the namespaces is required before the preferred DNS servers of this computer should be modified. 
 
If the network connections of this computer are not configured with the local computer's IP address as the preferred DNS server, this computer may not be able to dynamically register DC locator records in DNS. Absence of these records may prevent other Active Directory domain controllers and domain members from locating this domain controller. 
 
User Action: 
 
Ensure that DC locator DNS records enumerated in the file %SystemRoot%\system32\config\netlogon.dns are registered on the local DNS server. If these records are not registered in DNS: 
a) Add a delegation to this DNS server to parent DNS zone matching the name of the Active Directory domain OR 
b) Configure the local DNS server with appropriate root hints and forwarders (if necessary) and configure the network connections of this computer with the local computer's IP address as the preferred DNS server. Note that other computers using other DNS servers as their preferred or alternate DNS servers may not be able to locate this domain controller, unless the DNS infrastructure is properly configured.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 2631 — The DNS server successfully autoconfigured.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server successfully autoconfigured.

Message #

The DNS server successfully autoconfigured: 
	%1 
	%2 
	%3 
	%4

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`param4` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 2631,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854779904,
    "time_created": "2022-04-07T08:13:51.349882+00:00",
    "event_record_id": 2,
    "correlation": {},
    "execution": {
      "process_id": 2208,
      "thread_id": 4676
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
    }
  },
  "event_data": {
    "param1": "DNS server root hints",
    "param2": "DNS server forwarders",
    "param3": "DNS resolver",
    "param4": ""
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3150 — The DNS server wrote version param1 of zone param2 to file param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS server wrote version param1 of zone param2 to file param3.

Message #

The DNS server wrote version %1 of zone %2 to file %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 3150,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775824,
    "time_created": "2022-04-07T08:14:09.727051+00:00",
    "event_record_id": 5,
    "correlation": {},
    "execution": {
      "process_id": 2208,
      "thread_id": 7088
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "param1": "2",
    "param2": "lab.local",
    "param3": "lab.local.dns"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 3151 — The DNS server unable to write zone file param1 for zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server unable to write zone file param1 for zone param2. Most likely the server disk is full. Free some disk space and re-initiate zone write.

Message #

The DNS server unable to write zone file %1 for zone %2.  Most likely the server disk is full.  Free some disk space and re-initiate zone write.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 3152 — The DNS server was unable to open file param1 for write.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to open file param1 for write. Most likely the file is a zone file that is already open. Close the zone file and re-initiate zone write.

Message #

The DNS server was unable to open file %1 for write.  Most likely the file is a zone file that is already open.  Close the zone file and re-initiate zone write.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 3153 — The DNS server encountered an error writing to file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an error writing to file. Most likely the server disk is full. Free some disk space at the server and re-initiate zone write. The event data is the error code.

Message #

The DNS server encountered an error writing to file.  Most likely the server disk is full.  Free some disk space at the server and re-initiate zone write. The event data is the error code.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 3162 — The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file. The event data is applicable the protocol number.

Message #

The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file. The event data is applicable the protocol number.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 3163 — While writing a well known service (WKS) record to the zone file, the DNS server encountered a port number that is not associated with a known serv...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

While writing a well known service (WKS) record to the zone file, the DNS server encountered a port number that is not associated with a known service. The event data is the port number of the unknown service.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4000 — The DNS server was unable to open Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Message #

The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields #

Name	Description
`Name`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4000,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854841344,
    "time_created": "2022-04-07T16:54:41.266037+00:00",
    "event_record_id": 26,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 2848
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_DS_OPEN_FAILED",
    "Binary": "KiMAAA=="
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4001 — The DNS server was unable to open zone param1 in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to open zone %1 in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4002 — The DNS server was unable to add zone param1 to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to add zone %1 to the Active Directory.  Check that the Active Directory is available.  Note that the zone will not be be added to and written to the directory unless you re-attempt adding the zone using the DNS console.  The event data contains the error. For more information see "Add and Remove Zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4003 — The DNS server was unable to delete zone param1 in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to delete zone %1 in the Active Directory.  Check that the Active Directory is functioning properly.  Note that this zone will not be removed from the directory unless you retry deleting of the zone using the DNS console. The event data contains the error. For more information see "Add and Remove Zones" in the online Help.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4004 — The DNS server was unable to complete directory service enumeration of zone Name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Message #

The DNS server was unable to complete directory service enumeration of zone %1.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "%2". The event data contains the error.

Fields #

Name	Description
`Name`	—
`param1` UnicodeString	—
`param2` UnicodeString	—
`Binary`	—
`__binLength` UInt32	—
`binary` Binary	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4004,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775824,
    "time_created": "2026-03-13T19:41:58.813981+00:00",
    "event_record_id": 139,
    "correlation": {},
    "execution": {
      "process_id": 3988,
      "thread_id": 6668
    },
    "channel": "DNS Server",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_DS_ZONE_ENUM_FAILED",
    "param1": ".",
    "param2": "",
    "Binary": "0D000000"
  },
  "message": ""
}

Event ID 4005 — The DNS server received indication that zone param1 was deleted from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received indication that zone param1 was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

Message #

The DNS server received indication that zone %1 was deleted from the Active Directory.  Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4006 — The DNS server could not load the records for the DNS name param1 found in the Active Directory integrated zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not load the records for the DNS name %1 found in the Active Directory integrated zone %2. A possible cause is that this DNS name contains character(s) not permitted by the name-checking setting on this DNS server. 
 
To allow these records to be loaded choose the appropriate name-checking  setting on the DNS server. 
 
To delete these records from the Active Directory, first allow the DNS server to load them by changing the name-checking setting on this DNS server to allow all names. Then restart the DNS server service to cause the records to be loaded. The records will now appear in the DNS Manager and may be deleted. When the records have been deleted, restore the DNS server name-checking setting to the preferred value.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4007 — The DNS server was unable to open zone param1 in the Active Directory from the application directory partition param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Message #

The DNS server was unable to open zone %1 in the Active Directory from the application directory partition %2. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4007,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854906880,
    "time_created": "2022-04-07T16:55:35.860770+00:00",
    "event_record_id": 28,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 2848
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "param1": "_msdcs.lab.local",
    "param2": "ForestDnsZones.lab.local"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4010 — The DNS server was unable to create a resource record for param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to create a resource record for  %1 in zone %2. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4011 — The DNS server was unable to add or write an update of domain name param1 in zone param2 to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to add or write an update of domain name %1 in zone %2 to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "%3". The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4012 — The DNS server timed out attempting to write resource records to the Active Directory at param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server timed out attempting to write resource records to the Active Directory at %1.  Check that the directory is functioning properly and add or update the records using the DNS console. The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4013 — The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Warning

Message #

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Fields #

Name	Description
`Name`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4013,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854906880,
    "time_created": "2022-04-07T16:53:29.562920+00:00",
    "event_record_id": 24,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 2848
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_DS_OPEN_WAIT"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4014 — The DNS server was unable to initialize Active Directory security interfaces.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

Message #

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4015 — The DNS server has encountered a critical error from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Error

Message #

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "%1". The event data contains the error.

Fields #

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4015,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854906880,
    "time_created": "2022-04-07T16:59:32.615235+00:00",
    "event_record_id": 31,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 764
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_DS_INTERFACE_ERROR",
    "Data": {
      "Name": "param1",
      "Value": ""
    },
    "Binary": "UQAAAA=="
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4016 — The DNS server timed out attempting an Active Directory service operation on param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server timed out attempting an Active Directory service operation on param1. Check Active Directory to see that it is functioning properly. The event data contains the error.

Message #

The DNS server timed out attempting an Active Directory service operation on %1.  Check Active Directory to see that it is functioning properly. The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4017 — The DNS server was unable to load or create the DnsAdmins group.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to load or create the DnsAdmins group. The most likely cause is that the Group Name has been changed. The DNS server will continue but for full functionality the DnsAdmins group should be repaired. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4018 — The DNS server was unable to begin background loading of Active Directory-integrated zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to begin background loading of Active Directory-integrated zones. There may be a system resource problem. The DNS server service will now terminate. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4019 — The DNS server attempted to load the Active Directory-integrated zone param1 in the background but there was an error during load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server attempted to load the Active Directory-integrated zone %1 in the background but there was an error during load. This zone will now be shut down. Correct the error and restart the DNS server service. The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4020 — The DNS server is now starting to load zone param1 in the background.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server is now starting to load zone param1 in the background. While the zone is being loaded all DNS updates and zone transfer requests will be refused.

Message #

The DNS server is now starting to load zone %1 in the background. While the zone is being loaded all DNS updates and zone transfer requests will be refused.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4021 — The DNS server has completed background loading of zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has completed background loading of zone param1. The zone is now available for updates and zone transfers if allowed by the zone's configuration. It took param2 seconds to load the zone.

Message #

The DNS server has completed background loading of zone %1. The zone is now available for updates and zone transfers if allowed by the zone's configuration. It took %2 seconds to load the zone.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4400 — The DNS server is experiencing high SOA query load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server, however scheduled replication will not be affected.

Event ID 4401 — The DNS server is experiencing high SOA query load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server, however scheduled replication will not be affected.

Event ID 4500 — The DNS Application Directory Partition param1 was created.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The DNS Application Directory Partition param1 was created. The distinguished name of the root of this Directory Partition is param2.

Message #

The DNS Application Directory Partition %1 was created. The distinguished name of the root of this Directory Partition is %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 4500,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854906880,
    "time_created": "2022-04-07T08:15:14.778973+00:00",
    "event_record_id": 14,
    "correlation": {},
    "execution": {
      "process_id": 2732,
      "thread_id": 4188
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "param1": "ForestDnsZones.lab.local",
    "param2": "DC=ForestDnsZones,DC=sigma,DC=fr"
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 4501 — The DNS Application Directory Partition param1 was deleted.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS Application Directory Partition param1 was deleted. The distinguished name of the root of this Directory Partition was param2.

Message #

The DNS Application Directory Partition %1 was deleted. The distinguished name of the root of this Directory Partition was %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4502 — The DNS added the local Active Directory to the replication scope of Application Directory Partition param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS added the local Active Directory to the replication scope of Application Directory Partition param1. The distinguished name of the root of this Directory Partition is param2.

Message #

The DNS added the local Active Directory to the replication scope of Application  Directory Partition %1. The distinguished name of the root of this Directory Partition is %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4503 — The DNS removed the local Active Directory from the replication scope of Application Directory Partition param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS removed the local Active Directory from the replication scope of Application Directory Partition param1. The distinguished name of the root of this Directory Partition is param2.

Message #

The DNS removed the local Active Directory from the replication scope of Application  Directory Partition %1. The distinguished name of the root of this Directory Partition is %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4510 — The DNS server was unable to connect to the domain naming FSMO param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to connect to the domain naming FSMO %1. No modifications to Directory Partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4511 — The zone param1 was not successfully saved to the new directory partition as param2 due to an error deleting the zone from the old directory partition as param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The zone %1 was not successfully saved to the new directory partition as %2 due to an error deleting the zone from the old directory partition as %3.  The DNS Server has attempted to undo the changes, but manual cleanup of the zone may be required. The event data contains the error code.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4512 — The DNS server was unable to create the built-in directory partition param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to create the built-in directory partition param1. The error was param2.

Message #

The DNS server was unable to create the built-in directory partition %1. The error was %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4513 — The DNS server detected that it is not enlisted in the replication scope of the directory partition param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server detected that it is not enlisted in the replication scope of the directory partition %1. This prevents the zones that should be replicated to all DNS servers in the %2 forest from replicating to this DNS server. 
 
To create or repair the forest-wide DNS directory partition, open the DNS  console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support. 
 
The error was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4514 — The DNS server detected that it is not enlisted in the replication scope of the directory partition param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server detected that it is not enlisted in the replication scope of the  directory partition %1. This prevents the zones that should be replicated to all DNS servers in the %2 domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition, please see Help and Support. 
 
To create or repair the domain-wide DNS directory partition, open the DNS  console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support. 
 The error was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4515 — The zone param1 was previously loaded from the directory partition param2 but another copy of the zone has been found in directory partition param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The zone %1 was previously loaded from the directory partition %2 but another copy of the zone has been found in directory partition %3. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible. 
 
If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server. 
 
If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict. 
 
To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4520 — The DNS server encountered error param1 building the zone list from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered error %1 building the zone list from Active Directory. The DNS server will sleep for %2 seconds and try again. This can be caused by high Active Directory load and may be a transient condition.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4521 — The DNS server encountered error param1 attempting to load zone param2 from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered error %1 attempting to load zone %2 from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 4522 — The DNS server has deleted all records for a corrupt DNS node from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was param1.

Message #

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was %1.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 4523 — The DNS server has detected that the application directory partition param1 is replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the application directory partition %1 is replicating onto this domain controller. DNS data will not be loaded from this new directory partition until initial replication has completed.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 4524 — The DNS server has detected that the application directory partition param1 has finished replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has detected that the application directory partition param1 has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.

Message #

The DNS server has detected that the application directory partition %1 has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 5051 — The DNS server is using a large amount of memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server is using a large amount of memory. The data is the current memory allocated.

Message #

The DNS server is using a large amount of memory.  The data is the current memory allocated.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5105 — The DNS server attempted to cache an CNAME (alias) resource record for the domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server attempted to cache an CNAME (alias) resource record for the domain node. The operation failed, since the CNAME RR must be the only RR for its domain name.

Message #

The DNS server attempted to cache an CNAME (alias) resource record for the domain node.  The operation failed, since the CNAME RR must be the only RR for its domain name.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5106 — The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs. The CNAME RR is ignored, since it must be the only RR for its domain name.

Message #

The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.  The CNAME RR is ignored, since it must be the only RR for its domain name.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5107 — The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server created CNAME (alias) loop caching CNAME resource records (RRs). The record is ignored, since CNAME loops are not allowed.

Message #

The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).  The record is ignored, since CNAME loops are not allowed.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5108 — The DNS server created an CNAME (alias) loop loading CNAME at param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server created an CNAME (alias) loop loading CNAME at param1. One link in CNAME loop: DNS name param2 is an alias for CNAME param3. See adjoining messages for other links in the CNAME loop.

Message #

The DNS server created an CNAME (alias) loop loading CNAME at %1. One link in CNAME loop:  DNS name %2 is an alias for CNAME %3. See adjoining messages for other links in the CNAME loop.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5500 — The DNS server received a bad DNS query from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a bad DNS query from param1. The query was rejected or ignored. The event data contains the DNS packet.

Message #

The DNS server received a bad DNS query from %1.  The query was rejected or ignored. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5501 — The DNS server encountered a bad packet from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a bad packet from param1. Packet processing leads beyond packet length. The event data contains the DNS packet.

Message #

The DNS server encountered a bad packet from %1.  Packet processing leads beyond packet length. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5502 — The DNS server received a bad TCP-based DNS message from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a bad TCP-based DNS message from param1. The packet was rejected or ignored. The event data contains the DNS packet.

Message #

The DNS server received a bad TCP-based DNS message from %1.  The packet was rejected or ignored. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5504 — The DNS server encountered an invalid domain name in a packet from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid domain name in a packet from param1. The packet will be rejected. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid domain name in a packet from %1. The packet will be rejected. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5505 — The DNS server encountered a domain name exceeding the maximum length in the packet from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a domain name exceeding the maximum length in the packet from param1. The event data contains the DNS packet.

Message #

The DNS server encountered a domain name exceeding the maximum length in the packet from %1. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5506 — The DNS server encountered an invalid domain name offset in a packet from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid domain name offset in a packet from param1. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid domain name offset in a packet from %1. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5507 — The DNS server encountered a name offset exceeding the packet length from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a name offset exceeding the packet length from param1. The event data contains the DNS packet.

Message #

The DNS server encountered a name offset exceeding the packet length from %1. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5508 — The DNS server encountered a packet name exceeding the maximum label count from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a packet name exceeding the maximum label count from param1. The event data contains the DNS packet.

Message #

The DNS server encountered a packet name exceeding the maximum label count from %1. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5509 — The DNS server encountered an invalid DNS update message from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid DNS update message from param1. The packet was rejected. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid DNS update message from %1.  The packet was rejected. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5510 — The DNS server encountered an invalid response message from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid response message from param1. The packet was rejected. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid response message from %1.  The packet was rejected. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 5511 — The DNS server encountered a name with a label whose length exceeds the maximum of 63 bytes from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a name with a label whose length exceeds the maximum of 63 bytes from param1. The event data contains the DNS packet.

Message #

The DNS server encountered a name with a label whose length exceeds the maximum  of 63 bytes from %1. The event data contains the DNS packet.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6000 — The DNS server started transfer of version param1 of zone param2 to the DNS server at param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server started transfer of version param1 of zone param2 to the DNS server at param3.

Message #

The DNS server started transfer of version %1 of zone %2 to the DNS server at %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6001 — The DNS server successfully completed transfer of version param1 of zone param2 to the DNS server at param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Collection Priority: Recommended (ASD)

Description

The DNS server successfully completed transfer of version param1 of zone param2 to the DNS server at param3.

Message #

The DNS server successfully completed transfer of version %1 of zone %2 to the DNS server at %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6002 — The transfer of version param1 of zone param2 by the DNS server was aborted by the server at param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The transfer of version param1 of zone param2 by the DNS server was aborted by the server at param3. To restart the transfer of the zone, you must initiate transfer at the secondary server.

Message #

The transfer of version %1 of zone %2 by the DNS server was aborted by the server at %3. To restart the transfer of the zone, you must initiate transfer at the secondary server.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6003 — The DNS server received a request from param1 for a UDP-based transfer of the entire zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a request from param1 for a UDP-based transfer of the entire zone. The request was ignored because full zone transfers must be made using TCP.

Message #

The DNS server received a request from %1 for a UDP-based transfer of the entire zone.  The request was ignored because full zone transfers must be made using TCP.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6004 — The DNS server received a zone transfer request from param1 for a non-existent or non-authoritative zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Warning

Description

The DNS server received a zone transfer request from param1 for a non-existent or non-authoritative zone param2.

Message #

The DNS server received a zone transfer request from %1 for a non-existent or non-authoritative zone %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 6004,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036855300096,
    "time_created": "2020-07-11T12:58:57.451062+00:00",
    "event_record_id": 343,
    "correlation": {},
    "execution": {
      "process_id": 1764,
      "thread_id": 2284
    },
    "channel": "DNS Server",
    "computer": "rootdc1.offsec.lan",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "param1": "10.23.23.9",
    "param2": "hacking-zone.lan."
  },
  "message": ""
}

Detection Rules #

View all rules referencing this event →

Sigma # view in reference

Failed DNS Zone Transfer source medium: Detects when a DNS zone transfer failed.

References #

Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Event ID 6520 — Zone param1 was updated to version param2 of the zone as provided from the master server at param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone param1 was updated to version param2 of the zone as provided from the master server at param3.

Message #

Zone %1 was updated to version %2 of the zone as provided from the master server at %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6521 — Zone param1 is synchronized with version param2 of the zone as provided from the master server at param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone param1 is synchronized with version param2 of the zone as provided from the master server at param3.

Message #

Zone %1 is synchronized with version %2 of the zone as provided from the master server at %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6522 — A more recent version, version param1 of zone param2 was found at the DNS server at param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

A more recent version, version param1 of zone param2 was found at the DNS server at param3. Zone transfer is in progress.

Message #

A more recent version, version %1 of zone %2 was found at the DNS server at %3. Zone transfer is in progress.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6523 — Zone param1 failed zone refresh check.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Zone %1 failed zone refresh check.  Unable to connect to master DNS server at %2 to receive zone transfer.  Check that the zone contains correct IP address for the master server or if network failure has occurred.  For more information, see "To update the master server for a secondary zone" in the online Help.  If available, you can specify more than one master server in the list for this zone.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6524 — Invalid response from master DNS server at param2 during attempted zone transfer of zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Invalid response from master DNS server at %2 during attempted zone transfer of zone %1.  Check the DNS server at %2 and ensure that it is authoritative for this zone.  This can be done by viewing or updating the list of authoritative servers for the zone.  When using the DNS console, select zone %1 Properties at server %2 and click the Name Servers tab.  If needed, you can add or update this server in the list there.  As an alternative solution, you could also modify settings in the Zone Transfer tab to allow transfer of the zone to this and other DNS servers.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6525 — A zone transfer request for the secondary zone param1 was refused by the master DNS server at param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

A zone transfer request for the secondary zone %1 was refused by the master DNS server at %2. Check the zone at the master server %2 to verify that zone transfer is enabled to this server.  To do so, use the DNS console, and select master server %2 as the applicable server, then in secondary zone %1 Properties, view the settings on the Zone Transfers tab.  Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6526 — Zone param1 version param2 is newer than version param3 on DNS server at param4.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone param1 version param2 is newer than version param3 on DNS server at param4. The zone was not updated.

Message #

Zone %1 version %2 is newer than version %3 on DNS server at %4.  The zone was not updated. 
DNS servers supplying zones for transfer must have the most recent version of the zone, based on the primary zone.  If zone on remote server %4, is in fact the most recent version of the zone, do the following at that server: 
 (1) stop the DNS server, 
 (2) delete the zone file (not the zone itself) and 
 (3) restart the DNS server 
The DNS server will transfer the new version and write its zone file. 
When deleting the zone file at server %4, locate the file named %1.dns in the %SystemRoot%\System32\Dns directory and delete it. An alternative solution is to delete and recreate the secondary zone at server %4.  This could be preferred if this server hosts large zones and restarting it at this time would be a consuming or costly operation.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`param4` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6527 — Zone param1 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone param1 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.

Message #

Zone %1 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone has been shut down.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6528 — The scope param1 of zone param2 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The scope param1 of zone param2 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone scope has been shut down.

Message #

The scope %1 of zone %2 expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone scope has been shut down.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6529 — The operation for zone param1 is not complete.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The operation for zone param1 is not complete. The scope param2 of zone failed during conversion. The event data contains the error.

Message #

The operation for zone %1 is not complete. The scope %2 of zone failed during conversion. The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6530 — During transfer of zone param1 from master at param2, the DNS server received a resource record (RR) for domain node param3 at which an CNAME (alias) RR was al...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

During transfer of zone %1 from master at %2, the DNS server received a resource record (RR) for domain node %3 at which an CNAME (alias) RR was already received.  When used, the CNAME RR must be the only record for its domain name.  The CNAME RR for %3 will be ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6531 — During transfer of zone param1 from master at param2, the DNS server received a CNAME (alias) resource record (RR) for domain node param3 for which other recor...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 for which other records of that name were already received.  When used, the CNAME RR must be the only record for its domain name.  The CNAME RR for %3 will be ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6532 — During transfer of zone param1 from master at param2, the DNS server received a CNAME (alias) resource record (RR) for domain node param3 which would form an C...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

During transfer of zone %1 from master at %2, the DNS server received a CNAME (alias) resource record (RR) for domain node %3 which would form an CNAME loop if accepted and used.  The CNAME RR for %3 is being ignored.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6533 — The DNS server could not create a zone transfer thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a zone transfer thread. The system may be out of resources. Close any applications not in use or reboot the computer to free memory. The event data contains the error.

Message #

The DNS server could not create a zone transfer thread.  The system may be out of resources.  Close any applications not in use or reboot the computer to free memory. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6534 — Failed transfer of zone param1 from DNS server at param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Failed transfer of zone %1 from DNS server at %2.  The DNS server at %2 aborted or failed to complete transfer of the zone.  Check the DNS server at %2 and ensure it is properly functioning and authoritative for zone %1.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6535 — The master DNS server at param2 responded to IXFR (Incremental Zone Transfer) request for zone param1 with an invalid (FORMAT ERROR) response.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The master DNS server at %2 responded to IXFR (Incremental Zone Transfer) request for zone %1 with an invalid (FORMAT ERROR) response.  DNS server performance and network bandwidth will both be improved by upgrading the DNS server at %2 to a run as either a Windows 2000 or later Microsoft DNS server or another IXFR-compatible DNS server implementation.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 6536 — Invalid IXFR (Incremental Zone Transfer) response from master DNS server at param2 during attempted incremental transfer of zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Invalid IXFR (Incremental Zone Transfer) response from master DNS server at %2 during attempted incremental transfer of zone %1.  Check the DNS server at %2, and verify its is running as a Windows 2000 or later Microsoft DNS server or  another IXFR-compatible DNS server implementation.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7050 — The DNS server recv() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server recv() function failed. The event data contains the error.

Message #

The DNS server recv() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7051 — The DNS server recvfrom() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server recvfrom() function failed. The event data contains the error.

Message #

The DNS server recvfrom() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7052 — The DNS server send() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server send() function failed. The event data contains the error.

Message #

The DNS server send() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7053 — The DNS server sendto() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server sendto() function failed. The event data contains the error.

Message #

The DNS server sendto() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7054 — The DNS server select() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server select() function failed. The event data contains the error.

Message #

The DNS server select() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7055 — The DNS server accept() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server accept() function failed. The event data contains the error.

Message #

The DNS server accept() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7056 — The DNS server GetQueuedCompletionStatus() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server GetQueuedCompletionStatus() function failed. The event data contains the error.

Message #

The DNS server GetQueuedCompletionStatus() function failed. The event data contains the error.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7060 — The DNS server could not connect to DNS server at param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not connect to DNS server at param1. The event data contains the error.

Message #

The DNS server could not connect to DNS server at %1. The event data contains the error.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7062 — The DNS server encountered a packet addressed to itself on IP address param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a packet addressed to itself on IP address param1. The packet is for the DNS name "param2". The packet will be discarded. This condition usually indicates a configuration error.

Message #

The DNS server encountered a packet addressed to itself on IP address %1. The packet is for the DNS name "%2". The packet will be discarded. This condition usually indicates a configuration error. 
 
Check the following areas for possible self-send configuration errors: 
  1) Forwarders list. (DNS servers should not forward to themselves). 
  2) Master lists of secondary zones. 
  3) Notify lists of primary zones. 
  4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server. 
  5) Root hints. 
 
Example of self-delegation: 
  -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com. 
  -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com, 
  (bar.example.microsoft.com NS dns1.example.microsoft.com) 
  -> BUT the bar.example.microsoft.com zone is NOT on this server. 
 
Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result.  If found, the subzone DNS server admin should remove the offending NS record. 
 
You can use the DNS server debug logging facility to track down the cause of this problem.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7500 — The DNS server failed to process a packet from param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server failed to process a packet from param1. The packet was discarded.

Message #

The DNS server failed to process a packet from %1.  The packet was discarded.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7502 — The DNS server was unable to service a client request due a shortage of available memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to service a client request due a shortage of available memory. Close any applications not in use or reboot the computer to free memory.

Message #

The DNS server was unable to service a client request due a shortage of available memory.  Close any applications not in use or reboot the computer to free memory.

Fields #

Name	Description
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7503 — The DNS server could not allocate memory for resource record param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not allocate memory for resource record param1. Close any applications not in use or reboot the computer to free memory.

Message #

The DNS server could not allocate memory for resource record %1. Close any applications not in use or reboot the computer to free memory.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7504 — The DNS server could not allocate memory for the node of domain name param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not allocate memory for the node of domain name param1. Close any applications not in use or reboot the computer to free memory.

Message #

The DNS server could not allocate memory for the node of domain name %1. Close any applications not in use or reboot the computer to free memory.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7600 — The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for %1 even though data for this DNS name exists in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation for information about this feature and instructions on how to configure it.
 
Below is the current global query block list (this list may be truncated in this event if it is too long):
%2

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—

Event ID 7616 — The TrustAnchors zone could not be loaded:param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The TrustAnchors zone could not be loaded:param1.

Message #

The TrustAnchors zone could not be loaded:%1

Fields #

Name	Description
`param1` UnicodeString	—

Event ID 7632 — The DNSSEC trust point param1 is available for DNSSEC validation.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNSSEC trust point param1 is available for DNSSEC validation. The DNSKEY records for this trust point will be refreshed to check for updates at param2.

Message #

The DNSSEC trust point %1 is available for DNSSEC validation. The DNSKEY records for this trust point will be refreshed to check for updates at %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7633 — The DNSSEC trust point param1 is available for DNSSEC validation.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNSSEC trust point param1 is available for DNSSEC validation.

Message #

The DNSSEC trust point %1 is available for DNSSEC validation.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7634 — The DNSSEC trust point param1 is not available for DNSSEC validation, because a valid DNSKEY record that matches the provided DS trust anchor(s) has no...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNSSEC trust point %1 is not available for DNSSEC validation, because a valid DNSKEY record that matches the provided DS trust anchor(s) has not yet been found. An attempt to find a matching DNSKEY record will be made during the next active refresh at %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7635 — The DNSSEC trust point param1 will be deleted after param2 because it has no valid trust anchors.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNSSEC trust point param1 will be deleted after param2 because it has no valid trust anchors.

Message #

The DNSSEC trust point %1 will be deleted after %2 because it has no valid trust anchors.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7636 — The DNSSEC trust point param1 has been deleted because it has no valid or revoked trust anchors.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNSSEC trust point param1 has been deleted because it has no valid or revoked trust anchors.

Message #

The DNSSEC trust point %1 has been deleted because it has no valid or revoked trust anchors.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7637 — The DS record with the key tag param2 at the trust point param1 will be replaced with a DNSKEY trust anchor when a matching DNSKEY record is found during t...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DS record with the key tag param2 at the trust point param1 will be replaced with a DNSKEY trust anchor when a matching DNSKEY record is found during the next active refresh.

Message #

The DS record with the key tag %2 at the trust point %1 will be replaced with a DNSKEY trust anchor when a matching DNSKEY record is found during the next active refresh.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7638 — The DNSKEY with the key tag param2 at the trust point param1 is now a valid trust anchor for use in DNSSEC validations.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNSKEY with the key tag param2 at the trust point param1 is now a valid trust anchor for use in DNSSEC validations.

Message #

The DNSKEY with the key tag %2 at the trust point %1 is now a valid trust anchor for use in DNSSEC validations.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UInt32	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7639 — The trust anchor with the key tag param2 at the trust point param1 has been removed from the authoritative server without being revoked.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The trust anchor with the key tag %2 at the trust point %1 has been removed from the authoritative server without being revoked. This trust anchor is still valid for use in DNSSEC validations, but may need to be removed manually if its removal from the authoritative server was permanent.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UInt32	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7640 — The DNSKEY with the key tag param2 at the trust point param1 has been marked as revoked by the authoritative server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNSKEY with the key tag %2 at the trust point %1 has been marked as revoked by the authoritative server. This key is no longer valid for DNSSEC validations, and will be deleted then next time the server is restarted.

Fields #

Name	Description
`param1` UInt32	—
`param2` AnsiString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7641 — The DNSKEY with the key tag param2 at the trust point param1 will become a trust anchor after param3, if it is consistently present on the authoritative server.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNSKEY with the key tag param2 at the trust point param1 will become a trust anchor after param3, if it is consistently present on the authoritative server.

Message #

The DNSKEY with the key tag %2 at the trust point %1 will become a trust anchor after %3, if it is consistently present on the authoritative server.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7642 — The DS record with the key tag param2 at the trust point param1 does not correspond to a valid trust anchor.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DS record with the key tag %2 at the trust point %1 does not correspond to a valid trust anchor. The corresponding DNSKEY is not a key-signing-key (KSK) or no corresponding key could be found. The server try again to find a match at the next active refresh.

Fields #

Name	Description
`param1` AnsiString	—
`param2` UInt32	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7643 — The param3 with the key tag param2 at the trust point param1 has been deleted.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The param3 with the key tag param2 at the trust point param1 has been deleted.

Message #

The %3 with the key tag %2 at the trust point %1 has been deleted.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7644 — The active refresh query for the DNSKEY records at the trust point param1 has failed (param2).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The active refresh query for the DNSKEY records at the trust point param1 has failed (param2). This query will be retried at param3. Check that a DNS query for the DNSKEY records at the trust point succeeds.

Message #

The active refresh query for the DNSKEY records at the trust point %1 has failed (%2). This query will be retried at %3. Check that a DNS query for the DNSKEY records at the trust point succeeds.

Fields #

Name	Description
`param1` AnsiString	—
`param2` UInt32	—
`param3` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7645 — The active refresh query for the DNSKEY records at the trust point param1 has succeeded.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The active refresh query for the DNSKEY records at the trust point param1 has succeeded. This query will be repeated at param2.

Message #

The active refresh query for the DNSKEY records at the trust point %1 has succeeded. This query will be repeated at %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7646 — The zone param1 is now signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The zone param1 is now signed with DNSSEC.

Message #

The zone %1 is now signed with DNSSEC.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7647 — The zone param1 is no longer signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The zone param1 is no longer signed with DNSSEC.

Message #

The zone %1 is no longer signed with DNSSEC.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7648 — The DNS server has detected that it is no longer the Key Master for zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has detected that it is no longer the Key Master for zone param1. The Key Master role has been seized or transferred to param2.

Message #

The DNS server has detected that it is no longer the Key Master for zone %1. The Key Master role has been seized or transferred to %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7649 — The DNS server has successfully assumed Key Master responsibilities for zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has successfully assumed Key Master responsibilities for zone param1. The Key Master role was transferred to this server from param2.

Message #

The DNS server has successfully assumed Key Master responsibilities for zone %1.  The Key Master role was transferred to this server from %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7650 — The DNS server has started signing the zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has started signing the zone param1.

Message #

The DNS server has started signing the zone %1.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7652 — The DNS server encountered an error while signing the zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an error while signing the zone param1. The error code encountered during signing was param2.

Message #

The DNS server encountered an error while signing the zone %1. The error code encountered during signing was %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7653 — The DNS server has detected that zone signing parameters for zone param1 have been changed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has detected that zone signing parameters for zone param1 have been changed. The zone will be re-signed in param2 seconds.

Message #

The DNS server has detected that zone signing parameters for zone %1 have been changed. The zone will be re-signed in %2 seconds.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7654 — The DNS server was unable to sign zone data changed by dynamic update at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to sign zone data changed by dynamic update at node param1 in zone param2. The update has been rejected. The error code encountered during signing was param3.

Message #

The DNS server was unable to sign zone data changed by dynamic update at node %1 in zone %2. The update has been rejected. The error code encountered during signing was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7655 — The DNS server was unable to sign zone data changed by a scavenging update to remove stale records at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to sign zone data changed by a scavenging update to remove stale records at node %1 in zone %2. Scavenging for this zone has been aborted. This operation will be retried on the next DNS server scavenging cycle. The error code encountered during signing was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7656 — The DNS server was unable to sign zone changes replicated from another domain controller at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to sign zone changes replicated from another domain controller at node %1 in zone %2. Replication change processing for this zone has been aborted. This operation will be retried on the next DNS server polling cycle. The error code encountered during signing was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7657 — The DNS server was unable to refresh signatures at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to refresh signatures at node %1 in zone %2. The signature update process for this zone been aborted. This operation will be retried on the next zone signature refresh cycle. The error code encountered during signing was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7658 — The DNS server was unable to complete re-signing of the zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to complete re-signing of the zone param1. The error code encountered during signing was param2.

Message #

The DNS server was unable to complete re-signing of the zone %1. The error code encountered during signing was %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7659 — The DNS server was unable to sign new DS records from the child zone at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to sign new DS records from the child zone at node %1 in zone %2. The new DS records will not be incorporated into the zone and child zone polling for this zone has been be aborted. This operation will be retried on the next DNS server child polling cycle. The error code encountered during signing was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7660 — The DNS server was unable to validate new DS records from the child zone at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to validate new DS records from the child zone at node param1 in zone param2. The new DS records will not be automatically incorporated into the zone and require manual update.

Message #

The DNS server was unable to validate new DS records from the child zone at node %1 in zone %2. The new DS records will not be automatically incorporated into the zone and require manual update.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7661 — The DNS server was unable to sign an administrative update at node param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to sign an administrative update at node param1 in zone param2. The update has been rejected. The error code encountered during signing was param3.

Message #

The DNS server was unable to sign an administrative update at node %1 in zone %2. The update has been rejected. The error code encountered during signing was %3.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7662 — The DNS server will not be able to automatically refresh the DS record set at node param1 in zone param2 because this DNS server does not support all DS an...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server will not be able to automatically refresh the DS record set at node %1 in zone %2 because this DNS server does not support all DS and DNSKEY algorithms used by the child zone. When this child zone?s key signing keys are rolled over, the DS record set will have to be manually imported.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7663 — The DNS server was unable to sign the zone param1 because it encountered an invalid DNSSEC signing key descriptor param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to sign the zone %1 because it encountered an invalid DNSSEC signing key descriptor %2. The error code encountered during validation was %3. Run the signing parameter validation on the Key Master for the zone to ensure that the signing key descriptors are valid.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7664 — The DNS server was unable to sign the zone param1 because it encountered an invalid DNSSEC signing configuration.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to sign the zone %1 because it encountered an invalid DNSSEC signing configuration. The error code encountered during validation was %2. Run the signing parameter validation on the Key Master for the zone to ensure that the correct parameters are configured.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7665 — The DNS server was unable to sign the zone param1 because it was unable to access the signing key descriptor param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to sign the zone %1 because it was unable to access the signing key descriptor %2. The error code encountered during signing was %3. Ensure that the signing key descriptors are accessible by this server.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7666 — The DNS server encountered an error signing zone param1 during load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an error signing zone param1 during load. The error code encountered during signing was param2.

Message #

The DNS server encountered an error signing zone %1 during load. The error code encountered during signing was %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7667 — Keys for the Signing Key Descriptor param1 in zone param2 will be rolled over in less than 1 day.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Keys for the Signing Key Descriptor param1 in zone param2 will be rolled over in less than 1 day.

Message #

Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in less than 1 day.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7668 — Keys for the Signing Key Descriptor param1 in zone param2 will be rolled over in param3 days.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Keys for the Signing Key Descriptor param1 in zone param2 will be rolled over in param3 days.

Message #

Keys for the Signing Key Descriptor %1 in zone %2 will be rolled over in %3 days.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7669 — Keys for the Signing Key Descriptor param1 in zone param2 are starting the rollover process.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Keys for the Signing Key Descriptor param1 in zone param2 are starting the rollover process.

Message #

Keys for the Signing Key Descriptor %1 in zone %2 are starting the rollover process.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7670 — The rollover process for Signing Key Descriptor param1 in zone param2 is complete.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The rollover process for Signing Key Descriptor param1 in zone param2 is complete.

Message #

The rollover process for Signing Key Descriptor %1 in zone %2 is complete.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7671 — There was an error rolling keys for Signing Key Descriptor param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

There was an error rolling keys for Signing Key Descriptor param1 in zone param2. This Signing Key Descriptor will no longer attempt to roll its keys automatically.

Message #

There was an error rolling keys for Signing Key Descriptor %1 in zone %2.  This Signing Key Descriptor will no longer attempt to roll its keys automatically.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7672 — There was an error rolling keys for Signing Key Descriptor param1 in zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

There was an error rolling keys for Signing Key Descriptor param1 in zone param2. The DNS server will continue to attempt to complete the rollover.

Message #

There was an error rolling keys for Signing Key Descriptor %1 in zone %2.  The DNS server will continue to attempt to complete the rollover.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7673 — Retired Signing Key Descriptor param1 in zone param2 has been removed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Retired Signing Key Descriptor param1 in zone param2 has been removed.

Message #

Retired Signing Key Descriptor %1 in zone %2 has been removed.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7674 — Zone param1 has been transferred to one or more secondary DNS servers.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Zone %1 has been transferred to one or more secondary DNS servers. This zone is signed and contains WINS records but the WINS records have been omitted from the zone transfer since secondary servers cannot sign WINS results. It is not recommended that zone transfer be deployed for signed zones that perform WINS forwarding.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7675 — The DNS server has started signing the scope param1 of zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has started signing the scope param1 of zone param2.

Message #

The DNS server has started signing the scope %1 of zone %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7676 — The scope param1 of zone param2 is signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The scope param1 of zone param2 is signed with DNSSEC. The server will give DNSSEC compliant responses to DNSSEC queries for this scope.

Message #

The scope %1 of zone %2 is signed with DNSSEC. The server will give DNSSEC compliant responses to DNSSEC queries for this scope.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7677 — The DNS server encountered an error while signing the scope param1 of zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an error while signing the scope %1 of zone %2. The error code encountered during signing was %3. The server might not provide DNSSEC compliant responses to DNSSEC queries for this scope.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`VirtualizationID` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7678 — The scope param1 of zone param2 is no longer signed with DNSSEC.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The scope param1 of zone param2 is no longer signed with DNSSEC. The server will not provide DNSSEC compliant responses to DNSSEC queries for this scope.

Message #

The scope %1 of zone %2 is no longer signed with DNSSEC. The server will not provide DNSSEC compliant responses to DNSSEC queries for this scope.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7679 — The DNS server encountered an error while unsigning the scope param1 of zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an error while unsigning the scope %1 of zone %2. The error code encountered during unsigning was %3. The server might continue providing DNSSEC compliant responses to DNSSEC queries for this scope.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`VirtualizationID` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7680 — Failed to load scopes of zone param1.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Failed to load scopes of zone %1. This might be due to failure while reading the scope information from registry. The zone should be reloaded. The event data is the error             code. [virtualization instance: %2].

Fields #

Name	Description
`param1` UnicodeString	—
`VirtualizationID` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7681 — Failed to load scope param1 of zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load scope param1 of zone param2. Please check the scope and reload the zone. The event data is the error code. [virtualization instance: virtualizationId].

Message #

Failed to load scope %1 of zone %2. Please check the scope and reload the zone. The event data is the error code. [virtualization instance: %3].

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`virtualizationId` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7682 — Failed to load scope param1 of zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load scope param1 of zone param2. The event data is the error code. [virtualization instance: virtualizationId].

Message #

Failed to load scope %1 of zone %2. The event data is the error code. [virtualization instance: %3].

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`virtualizationId` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7683 — Failed to write data of scope param1 of zone param2 into file param3.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Failed to write data of scope %1 of zone %2 into file %3. Please ensure the file exists and is writable, and then attempt to rewrite the zone and scope data to their data files. The event data is the error code. [virtualization instance: %4].

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`VirtualizationID` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7684 — The cache scope param1 was flushed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The cache scope param1 was flushed.

Message #

The cache scope %1 was flushed.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7685 — A scope param1 has been added to server param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

A scope param1 has been added to server param2.

Message #

A scope %1 has been added to server %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7686 — A scope param1 has been deleted from server param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

A scope param1 has been deleted from server param2.

Message #

A scope %1 has been deleted from server %2.

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7687 — Failed to load scope param1 of server param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Failed to load scope param1 of server param2.

Message #

Failed to load scope %1 of server %2

Fields #

Name	Description
`param1` UnicodeString	—
`param2` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7688 — The size of the cache on DNS server is approaching its configured limit of param1 KB.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The size of the cache on DNS server is approaching its configured limit of %1 KB. An event has been fired by recursion thread to bring down the cache size within the configured limit. The system may experience momentary CPU spikes.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7689 — The size of the cache on DNS server is approaching its configured limit of param1 KB.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The size of the cache on DNS server is approaching its configured limit of %1 KB. Timeout thread has started to bring down the cache size within the configured limit. The system may experience momentary CPU spikes.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7690 — The size of the cache on DNS server has been brought within its configured limit of param1 KB.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The size of the cache on DNS server has been brought within its configured limit of param1 KB.

Message #

The size of the cache on DNS server has been brought within its configured limit of %1 KB.

Fields #

Name	Description
`param1` UnicodeString	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7691 — DNS service started with less privileges as KDC is unavailable at the moment.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

DNS service started with less privileges as KDC is unavailable at the moment. It is advisable to restart the service, otherwise some records from AD zones may not be accessible to the DNS service.

Message #

DNS service started with less privileges as KDC is unavailable at the moment. It is advisable to restart the service, otherwise some records from AD zones may not be accessible to the DNS service.

Event ID 7692 — The EDNS option code param1 for scope transaction during zone transfer is invalid.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The EDNS option code param1 for scope transaction during zone transfer is invalid. The default value i.e. param2 will be used.

Message #

The EDNS option code %1 for scope transaction during zone transfer is invalid. The default value i.e. %2 will be used.

Fields #

Name	Description
`param1` UInt64	—
`param2` UInt64	—
`__binLength` UInt32	—
`binary` Binary	—

Event ID 7693 — The XfrScopeOptionValue has been set to Name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server
Level: Informational

Description

The XfrScopeOptionValue has been set to Name. This option ID will be used to communicate the scope information during zone transfers via an OPT RR.

Message #

The XfrScopeOptionValue has been set to %1.  This option ID will be used to communicate the scope information during zone transfers via an OPT RR.

Fields #

Name	Description
`Name`	—
`Data`	—
`Binary`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-DNS-Server-Service",
    "guid": "71A551F5-C893-4849-886B-B5EC8502641E",
    "event_source_name": "",
    "event_id": 7693,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854779904,
    "time_created": "2022-04-07T16:53:24.111885+00:00",
    "event_record_id": 23,
    "correlation": {},
    "execution": {
      "process_id": 2320,
      "thread_id": 2848
    },
    "channel": "DNS Server",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "DNS_EVENT_SCOPE_EDNS_OPCODE_SET",
    "Data": {
      "Name": "param1",
      "Value": 65433
    },
    "Binary": ""
  },
  "message": ""
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 7694 — The DNS server encountered an error param1 while signing the zone param2.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an error %1 while signing the zone %2. There was a failure while setting the length of the %3 signing key to %4. The DNS Server will attempt to create the key with the default length as set by the key storage provider %5.

Fields #

Name	Description
`param1` UInt32	—
`param2` UnicodeString	—
`param3` UnicodeString	—
`param4` UInt32	—
`param5` UnicodeString	—

Event ID 1073741826 — The DNS server has started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has started.

Message #

The DNS server has started.

Event ID 1073741827 — The DNS server has shut down.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has shut down.

Message #

The DNS server has shut down.

Event ID 1073741828 — The DNS server has finished the background loading of zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has finished the background loading of zones. All zones are now available for DNS updates and zone transfers; as allowed by their individual zone configuration.

Message #

The DNS server has finished the background loading of zones. All zones are now available for DNS updates and zone transfers; as allowed by their individual zone configuration.

Event ID 1073742532 — The DNS server did not detect any zones of either primary or secondary type during initialization.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones; and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication. For more information; see the online Help.

Event ID 1073742533 — The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the {param1} directory partition.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the {param1} directory partition.

Message #

The DNS server has moved the AD-integrated root hint data for all DNS servers in this domain to the {param1} directory partition.

Fields #

Name	Description
`param1`	—

Event ID 1073742534 — An administrator has changed the type and zone storage options of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has changed the type and zone storage options of zone {param1}. The zone is now type {param2}. The zone will be stored in the zone file {param3}.

Message #

An administrator has changed the type and zone storage options of zone {param1}. The zone is now type {param2}. The zone will be stored in the zone file {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073742535 — An administrator has changed the type and/or Active Directory location of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has changed the type and/or Active Directory location of zone {param1}. The zone is now type {param2}. The zone will be stored in Active Directory at {param3}.

Message #

An administrator has changed the type and/or Active Directory location of zone {param1}. The zone is now type {param2}. The zone will be stored in Active Directory at {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073742536 — An administrator has changed the zone storage options for zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has changed the zone storage options for zone {param1}. The zone will now be stored in the zone file {param2}.

Message #

An administrator has changed the zone storage options for zone {param1}. The zone will now be stored in the zone file {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073742537 — An administrator has moved the zone {param1} to a new location in Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

An administrator has moved the zone {param1} to a new location in Active Directory. The zone will be stored in Active Directory at {param2}.

Message #

An administrator has moved the zone {param1} to a new location in Active Directory. The zone will be stored in Active Directory at {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073742624 — The zone {param1} is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS ser...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The zone {param1} is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot  be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

Fields #

Name	Description
`param1`	—

Event ID 1073743826 — The DNS server has written a new version of the boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has written a new version of the boot file.  Either new zones or changes to existing zone information were made through the DNS console that required the DNS server to update the information in this file.  A copy of the previous boot file has been moved to the %SystemRoot%\System32\Dns\backup directory.

Event ID 1073743829 — The DNS server has been reconfigured to boot from a boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has been reconfigured to boot from a boot file.  Current server and zone configuration information has been written to this file. To return to booting from the registry or Active Directory; use the DNS console and reconfigure the boot method for the server.  For more information; see 'To change the boot method used by the DNS server' in the online Help.

Event ID 1073744325 — The DNS server has completed a scavenging cycle: Visited Zones = {param1}; Visited Nodes = {param2}; Scavenged Nodes = {param3}; Scavenged Records ...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has completed a scavenging cycle: Visited Zones     = {param1}; Visited Nodes     = {param2}; Scavenged Nodes   = {param3}; Scavenged Records = {param4}.  This cycle took {param5} seconds.  The next scavenging cycle is scheduled to run in {param6} hours.  The event data will contain the error code if there was an error during the scavenging cycle.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—
`param5`	—
`param6`	—

Event ID 1073744326 — The DNS server has completed a scavenging cycle but no nodes were visited.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include:    1) No zones are configured for scavenging by this server.   2) A scavenging cycle was performed within the last {param1} minutes.   3) An error occurred during scavenging.  The next scavenging cycle is scheduled to run in {param2} hours.  The event data will contain the error code if there was an error during the scavenging cycle.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073744455 — The DNS server successfully autoconfigured: {param1} {param2} {param3} {param4}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server successfully autoconfigured: {param1} {param2} {param3} {param4}.

Message #

The DNS server successfully autoconfigured: 	{param1} 	{param2} 	{param3} 	{param4}

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—

Event ID 1073744974 — The DNS server wrote version {param1} of zone {param2} to file {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server wrote version {param1} of zone {param2} to file {param3}.

Message #

The DNS server wrote version {param1} of zone {param2} to file {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073745829 — The DNS server received indication that zone {param1} was deleted from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received indication that zone {param1} was deleted from the Active Directory. Since this zone was an Active Directory integrated zone; it has been deleted from the DNS server.

Message #

The DNS server received indication that zone {param1} was deleted from the Active Directory.  Since this zone was an Active Directory integrated zone; it has been deleted from the DNS server.

Fields #

Name	Description
`param1`	—

Event ID 1073745844 — The DNS server is now starting to load zone {param1} in the background.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server is now starting to load zone {param1} in the background. While the zone is being loaded all DNS updates and zone transfer requests will be refused.

Message #

The DNS server is now starting to load zone {param1} in the background. While the zone is being loaded all DNS updates and zone transfer requests will be refused.

Fields #

Name	Description
`param1`	—

Event ID 1073745845 — The DNS server has completed background loading of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has completed background loading of zone {param1}. The zone is now available for updates and zone transfers if allowed by the zone's configuration. It took {param2} seconds to load the zone.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073746324 — The DNS Application Directory Partition {param1} was created.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS Application Directory Partition {param1} was created. The distinguished name of the root of this Directory Partition is {param2}.

Message #

The DNS Application Directory Partition {param1} was created. The distinguished name of the root of this Directory Partition is {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073746325 — The DNS Application Directory Partition {param1} was deleted.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS Application Directory Partition {param1} was deleted. The distinguished name of the root of this Directory Partition was {param2}.

Message #

The DNS Application Directory Partition {param1} was deleted. The distinguished name of the root of this Directory Partition was {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073746326 — The DNS added the local Active Directory to the replication scope of Application Directory Partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS added the local Active Directory to the replication scope of Application Directory Partition {param1}. The distinguished name of the root of this Directory Partition is {param2}.

Message #

The DNS added the local Active Directory to the replication scope of Application  Directory Partition {param1}. The distinguished name of the root of this Directory Partition is {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073746327 — The DNS removed the local Active Directory from the replication scope of Application Directory Partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS removed the local Active Directory from the replication scope of Application Directory Partition {param1}. The distinguished name of the root of this Directory Partition is {param2}.

Message #

The DNS removed the local Active Directory from the replication scope of Application  Directory Partition {param1}. The distinguished name of the root of this Directory Partition is {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 1073746337 — The DNS server detected that it is not enlisted in the replication scope of the directory partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server detected that it is not enlisted in the replication scope of the directory partition {param1}. This prevents the zones that should be replicated to all DNS servers in the {param2} forest from replicating to this DNS server.  To create or repair the forest-wide DNS directory partition; open the the DNS  console. Right-click the applicable DNS server; and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information; see 'To create the default DNS application directory partitions' in Help and Support.  The error was {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073746338 — The DNS server detected that it is not enlisted in the replication scope of the directory partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server detected that it is not enlisted in the replication scope of the  directory partition {param1}. This prevents the zones that should be replicated to all DNS servers in the {param2} domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition; please see Help and Support.  To create or repair the domain-wide DNS directory partition; open the the DNS  console. Right-click the applicable DNS server; and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information; see 'To create the default DNS application directory partitions' in Help and Support.  The error was {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073746347 — The DNS server has detected that the application directory partition {param1} is replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the application directory partition {param1} is replicating onto this domain controller. DNS data will not be loaded from this new directory partition until initial replication has completed.

Fields #

Name	Description
`param1`	—

Event ID 1073746348 — The DNS server has detected that the application directory partition {param1} has finished replicating onto this domain controller.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has detected that the application directory partition {param1} has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.

Message #

The DNS server has detected that the application directory partition {param1} has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.

Fields #

Name	Description
`param1`	—

Event ID 1073747324 — The DNS server received a bad DNS query from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a bad DNS query from {param1}. The query was rejected or ignored. The event data contains the DNS packet.

Message #

The DNS server received a bad DNS query from {param1}.  The query was rejected or ignored. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747325 — The DNS server encountered a bad packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a bad packet from {param1}. Packet processing leads beyond packet length. The event data contains the DNS packet.

Message #

The DNS server encountered a bad packet from {param1}.  Packet processing leads beyond packet length. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747326 — The DNS server received a bad TCP-based DNS message from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a bad TCP-based DNS message from {param1}. The packet was rejected or ignored. The event data contains the DNS packet.

Message #

The DNS server received a bad TCP-based DNS message from {param1}.  The packet was rejected or ignored. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747328 — The DNS server encountered an invalid domain name in a packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid domain name in a packet from {param1}. The packet will be rejected. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid domain name in a packet from {param1}. The packet will be rejected. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747329 — The DNS server encountered a domain name exceeding the maximum length in the packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a domain name exceeding the maximum length in the packet from {param1}. The event data contains the DNS packet.

Message #

The DNS server encountered a domain name exceeding the maximum length in the packet from {param1}. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747330 — The DNS server encountered an invalid domain name offset in a packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid domain name offset in a packet from {param1}. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid domain name offset in a packet from {param1}. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747331 — The DNS server encountered a name offset exceeding the packet length from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a name offset exceeding the packet length from {param1}. The event data contains the DNS packet.

Message #

The DNS server encountered a name offset exceeding the packet length from {param1}. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747332 — The DNS server encountered a packet name exceeding the maximum label count from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a packet name exceeding the maximum label count from {param1}. The event data contains the DNS packet.

Message #

The DNS server encountered a packet name exceeding the maximum label count from {param1}. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747333 — The DNS server encountered an invalid DNS update message from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid DNS update message from {param1}. The packet was rejected. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid DNS update message from {param1}.  The packet was rejected. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747334 — The DNS server encountered an invalid response message from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an invalid response message from {param1}. The packet was rejected. The event data contains the DNS packet.

Message #

The DNS server encountered an invalid response message from {param1}.  The packet was rejected. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747335 — The DNS server encountered a name with a label whose length exceeds the maximum of 63 bytes from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered a name with a label whose length exceeds the maximum of 63 bytes from {param1}. The event data contains the DNS packet.

Message #

The DNS server encountered a name with a label whose length exceeds the maximum  of 63 bytes from {param1}. The event data contains the DNS packet.

Fields #

Name	Description
`param1`	—

Event ID 1073747824 — The DNS server started transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server started transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Message #

The DNS server started transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073747825 — The DNS server successfully completed transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server successfully completed transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Message #

The DNS server successfully completed transfer of version {param1} of zone {param2} to the DNS server at {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073747826 — The transfer of version {param1} of zone {param2} by the DNS server was aborted by the server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The transfer of version {param1} of zone {param2} by the DNS server was aborted by the server at {param3}. To restart the transfer of the zone; you must initiate transfer at the secondary server.

Message #

The transfer of version {param1} of zone {param2} by the DNS server was aborted by the server at {param3}. To restart the transfer of the zone; you must initiate transfer at the secondary server.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073748344 — Zone {param1} was updated to version {param2} of the zone as provided from the master server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone {param1} was updated to version {param2} of the zone as provided from the master server at {param3}.

Message #

Zone {param1} was updated to version {param2} of the zone as provided from the master server at {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073748345 — Zone {param1} is synchronized with version {param2} of the zone as provided from the master server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone {param1} is synchronized with version {param2} of the zone as provided from the master server at {param3}.

Message #

Zone {param1} is synchronized with version {param2} of the zone as provided from the master server at {param3}.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 1073748346 — A more recent version; version {param1} of zone {param2} was found at the DNS server at {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

A more recent version; version {param1} of zone {param2} was found at the DNS server at {param3}. Zone transfer is in progress.

Message #

A more recent version; version {param1} of zone {param2} was found at the DNS server at {param3}. Zone transfer is in progress.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147484057 — The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer.  Use the DNS manager server properties; interfaces dialog; to verify and reset the IP addresses the DNS server should listen on.  For more information; see 'To restrict a DNS server to listen only on selected addresses' in the online Help.

Event ID 2147484059 — The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range {param1}.

Message #

The DNS server has bound one or more socket pool sockets to port numbers from port exclusion range {param1}.

Fields #

Name	Description
`param1`	—

Event ID 2147484062 — The DNS server computer currently does not have a DNS domain name.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server computer currently does not have a DNS domain name.  Its DNS name is a single-label host name with no domain (for example:  'host' rather than 'host.microsoft.com').  You might have forgotten to configure a primary DNS domain for the server computer.  Because the DNS server has only a single-label name; all zones created will have default records (SOA and NS) created using only this single-label name for the server's host name.  This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.  To correct this problem:   1) Click Start; and then click Control Panel.  2) Open System and Maintenance ; and then open System.   3) Click Change Settings; and then click Change.  4) Click either Domain or Workgroup; and then type the name of the domain or  workgroup you want the computer to join; the domain or workgroup name will be used as your DNS domain name.   5) When prompted; restart the computer. After the computer restarts; the DNS server will attempt to fix up default records; substituting the new DNS name of this server for the old single-label name.  However; you should review the zone's SOA and NS records to ensure that they now use the correct domain name of this server.

Event ID 2147484354 — The DNS server does not have a cache or other database entry for root name servers.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server does not have a cache or other database entry for root name servers. Either the root hints file; cache.dns; or Active Directory must have at least one name server (NS) resource record; indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise; the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem; use the DNS console to update the server root hints.  For more information; see the online Help.

Event ID 2147484850 — The DNS server encountered an unsupported 'directory' directive in the server boot file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unsupported 'directory' directive in the server boot file {param1} at line {param2}. All database files must be located in the '%SystemRoot%\system32\dns' directory. The directory directive is ignored.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147485168 — The DNS server encountered the unknown directive '{param1}' in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the unknown directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Message #

The DNS server encountered the unknown directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485169 — The DNS server encountered the unsupported directive '{param1}' in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the unsupported directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Message #

The DNS server encountered the unsupported directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485170 — The DNS server encountered the obsolete directive '{param1}' in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the obsolete directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Message #

The DNS server encountered the obsolete directive '{param1}' in file {param2} at line {param3}. The directive was ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485171 — The DNS server encountered the directive '{param1}' in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered the directive '{param1}' in file {param2} at line {param3}. The directive is not yet supported and was ignored.

Message #

The DNS server encountered the directive '{param1}' in file {param2} at line {param3}. The directive is not yet supported and was ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485173 — DNSSEC signatures with key tag {param1}; associated with records in zone {param2}; will expire on {param3} (UTC time).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

DNSSEC signatures with key tag {param1}; associated with records in zone {param2}; will expire on {param3} (UTC time). Once the signatures expire; name resolution will fail for resolvers that require validation  until new signatures are created.  To create new signatures; re-sign the zone.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147485249 — DNS server encountered the obsolete record type {param1} in database file {param2}; line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

DNS server encountered the obsolete record type {param1} in database file {param2}; line {param3}. The record was ignored.  MD or MF record types are obsolete.  They should be converted to MX record type which has the format:   MX <preference value> <mail server domain name> Example: 	microsoft.com   MX 10 mai1.microsoft.com.  For more information; see the 'Resource records reference' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147486278 — The DNS server could not configure the network connections of this computer with the local computer's IP address as the preferred DNS server; becau...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not configure the network connections of this computer with the local computer's IP address as the preferred DNS server; because this computer is connected to networks with different or invalid DNS namespaces. Manual configuration of the local DNS server to perform name resolution on one or more of the namespaces is required before the preferred DNS servers of this computer should be modified.  If the network connections of this computer are not configured with the local computer's IP address as the preferred DNS server; this computer may not be able to dynamically register DC locator records in DNS. Absence of these records may prevent other Active Directory domain controllers and domain members from locating this domain controller.  User Action:  Ensure that DC locator DNS records enumerated in the file %SystemRoot%\system32\config\netlogon.dns are registered on the local DNS server. If these records are not registered in DNS: a) Add a delegation to this DNS server to parent DNS zone matching the name of the Active Directory domain OR b) Configure the local DNS server with appropriate root hints and forwarders (if necessary) and configure the network connections of this computer with the local computer's IP address as the preferred DNS server. Note that other computers using other DNS servers as their preferred or alternate DNS servers may not be able to locate this domain controller; unless the DNS infrastructure is properly configured.

Event ID 2147487661 — The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution; consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Event ID 2147487665 — The DNS server was unable to load or create the DnsAdmins group.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to load or create the DnsAdmins group. The most likely cause is that the Group Name has been changed. The DNS server will continue but for full functionality the DnsAdmins group should be repaired. The event data contains the error.

Event ID 2147487666 — The DNS server was unable to begin background loading of Active Directory-integrated zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to begin background loading of Active Directory-integrated zones. There may be a system resource problem. The DNS server service will now terminate. The event data contains the error.

Event ID 2147487667 — The DNS server attempted to load the Active Directory-integrated zone {param1} in the background but there was an error during load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server attempted to load the Active Directory-integrated zone {param1} in the background but there was an error during load. This zone will now be shut down. Correct the error and restart the DNS server service. The event data contains the error.

Fields #

Name	Description
`param1`	—

Event ID 2147488048 — The DNS server is experiencing high SOA query load.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server; however scheduled replication will not be affected.

Event ID 2147488158 — The DNS server was unable to connect to the domain naming FSMO {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to connect to the domain naming FSMO {param1}. No modifications to Directory Partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.

Fields #

Name	Description
`param1`	—

Event ID 2147488160 — The DNS server was unable to create the built-in directory partition {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to create the built-in directory partition {param1}. The error was {param2}.

Message #

The DNS server was unable to create the built-in directory partition {param1}. The error was {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147488163 — The zone {param1} was previously loaded from the directory partition {param2} but another copy of the zone has been found in directory partition {p...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The zone {param1} was previously loaded from the directory partition {param2} but another copy of the zone has been found in directory partition {param3}. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.  If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case; no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.  If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.  To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions; please see Help and Support.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 2147488168 — The DNS server encountered error {param1} building the zone list from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered error {param1} building the zone list from Active Directory. The DNS server will sleep for {param2} seconds and try again. This can be caused by high Active Directory load and may be a transient condition.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147488169 — The DNS server encountered error {param1} attempting to load zone {param2} from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered error {param1} attempting to load zone {param2} from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147488170 — The DNS server has deleted all records for a corrupt DNS node from Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was {param1}.

Message #

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was {param1}.

Fields #

Name	Description
`param1`	—

Event ID 2147488699 — The DNS server is using a large amount of memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server is using a large amount of memory. The data is the current memory allocated.

Message #

The DNS server is using a large amount of memory.  The data is the current memory allocated.

Event ID 2147489651 — The DNS server received a request from {param1} for a UDP-based transfer of the entire zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a request from {param1} for a UDP-based transfer of the entire zone. The request was ignored because full zone transfers must be made using TCP.

Message #

The DNS server received a request from {param1} for a UDP-based transfer of the entire zone.  The request was ignored because full zone transfers must be made using TCP.

Fields #

Name	Description
`param1`	—

Event ID 2147489652 — The DNS server received a zone transfer request from {param1} for a non-existent or non-authoritative zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server received a zone transfer request from {param1} for a non-existent or non-authoritative zone {param2}.

Message #

The DNS server received a zone transfer request from {param1} for a non-existent or non-authoritative zone {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147490171 — Zone {param1} failed zone refresh check.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Zone {param1} failed zone refresh check.  Unable to connect to master DNS server at {param2} to receive zone transfer.  Check that the zone contains correct IP address for the master server or if network failure has occurred.  For more information; see 'To update the master server for a secondary zone' in the online Help.  If available; you can specify more than one master server in the list for this zone.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147490174 — Zone {param1} version {param2} is newer than version {param3} on DNS server at {param4}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Zone {param1} version {param2} is newer than version {param3} on DNS server at {param4}.  The zone was not updated. DNS servers supplying zones for transfer must have the most recent version of the zone; based on the primary zone.  If zone on remote server {param4}; is in fact the most recent version of the zone; do the following at that server:  (1) stop the DNS server;  (2) delete the zone file (not the zone itself) and  (3) restart the DNS server The DNS server will transfer the new version and write its zone file. When deleting the zone file at server {param4}; locate the file named {param1}.dns in the %SystemRoot%\System32\Dns directory and delete it. An alternative solution is to delete and recreate the secondary zone at server {param4}.  This could be preferred if this server hosts large zones and restarting it at this time would be a consuming or costly operation.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—
`param4`	—

Event ID 2147490183 — The master DNS server at {param2} responded to IXFR (Incremental Zone Transfer) request for zone {param1} with an invalid (FORMAT ERROR) response.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The master DNS server at {param2} responded to IXFR (Incremental Zone Transfer) request for zone {param1} with an invalid (FORMAT ERROR) response.  DNS server performance and network bandwidth will both be improved by upgrading the DNS server at {param2} to a run as either a Windows 2000 or later Microsoft DNS server or another IXFR-compatible DNS server implementation.

Fields #

Name	Description
`param2`	—
`param1`	—

Event ID 2147490708 — The DNS server could not connect to DNS server at {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not connect to DNS server at {param1}. The event data contains the error.

Message #

The DNS server could not connect to DNS server at {param1}. The event data contains the error.

Fields #

Name	Description
`param1`	—

Event ID 2147490710 — The DNS server encountered a packet addressed to itself on IP address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a packet addressed to itself on IP address {param1}. The packet is for the DNS name '{param2}'. The packet will be discarded. This condition usually indicates a configuration error.  Check the following areas for possible self-send configuration errors:   1) Forwarders list. (DNS servers should not forward to themselves).   2) Master lists of secondary zones.   3) Notify lists of primary zones.   4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.   5) Root hints.  Example of self-delegation:   -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.   -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com;   (bar.example.microsoft.com NS dns1.example.microsoft.com)   -> BUT the bar.example.microsoft.com zone is NOT on this server.  Note; you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly; but that the primary DNS for the subzone; has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server; then the self-send could result.  If found; the subzone DNS server admin should remove the offending NS record.  You can use the DNS server debug logging facility to track down the cause of this problem.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147491148 — The DNS server failed to process a packet from {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server failed to process a packet from {param1}. The packet was discarded.

Message #

The DNS server failed to process a packet from {param1}.  The packet was discarded.

Fields #

Name	Description
`param1`	—

Event ID 2147491248 — The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for {param1} even though data for this DNS name exists in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail; but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation for information about this feature and instructions on how to configure it. Below is the current global query block list (this list may be truncated in this event if it is too long):{param2}

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 2147491264 — The TrustAnchors zone could not be loaded:{param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The TrustAnchors zone could not be loaded:{param1}.

Message #

The TrustAnchors zone could not be loaded:{param1}

Fields #

Name	Description
`param1`	—

Event ID 3221225482 — The DNS server could not start because it is dependent on the NTDS service which is not started.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not start because it is dependent on the NTDS service which is not started.

Message #

The DNS server could not start because it is dependent on the NTDS service which is not started.

Event ID 3221225583 — The DNS server could not create a thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a thread. System may be out of resources. You might close applications not in use; restart the DNS server or reboot your computer. The event data is the error code.

Message #

The DNS server could not create a thread.  System may be out of resources. You might close applications not in use; restart the DNS server or reboot your computer.  The event data is the error code.

Event ID 3221225603 — The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse lookup zones.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server failed to initialize NetBIOS lookups to support WINSR for reverse lookup zones.  The server will continue to run but will not attempt to perform WINS reverse lookups.  This may be due to an incorrect configuration.  If WINSR lookups are not required; remove WINSR records from zone data files and reload modified zones or restart the DNS server.  If the DNS server should support WINSR reverse lookup; restart the server computer and verify that the WINS/NetBT configuration for TCP/IP client properties on the computer are correctly set.

Event ID 3221225612 — The DNS server could not initialize the remote procedure call (RPC) service.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not initialize the remote procedure call (RPC) service. If it is not running; start the RPC service or reboot the computer. The event data is the error code.

Message #

The DNS server could not initialize the remote procedure call (RPC) service. If it is not running; start the RPC service or reboot the computer. The event data is the error code.

Event ID 3221225622 — The DNS server could not load or initialize the plug-in DLL {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not load or initialize the plug-in DLL {param1}. The event data is the error code returned by the plug-in DLL load or initialization attempt. Please correct the plug-in error that is causing this condition or remove the plug-in from the DNS server configuration.

Fields #

Name	Description
`param1`	—

Event ID 3221225875 — The DNS server could not create a Transmission Control Protocol (TCP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. The event data is the error code.

Message #

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. The event data is the error code.

Event ID 3221225876 — The DNS server could not bind a Transmission Control Protocol (TCP) socket to address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not bind a Transmission Control Protocol (TCP) socket to address {param1}.  The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid 'any address' configuration in which all configured IP addresses on the computer are available for use. Restart the DNS server or reboot the computer.

Fields #

Name	Description
`param1`	—

Event ID 3221225877 — The DNS server could not listen on Transmission Control Protocol (TCP) socket for address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not listen on Transmission Control Protocol (TCP) socket for address {param1}. The event data is the error code.  An IP address of 0.0.0.0 can indicate a valid 'any address' configuration in which all configured IP addresses on the computer are available for use. Restart the DNS server or reboot the computer.

Fields #

Name	Description
`param1`	—

Event ID 3221225878 — The DNS server could not create a User Datagram Protocol (UDP) socket.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a User Datagram Protocol (UDP) socket. The event data is the error code. Restart the DNS server or reboot your computer.

Message #

The DNS server could not create a User Datagram Protocol (UDP) socket. The event data is the error code. Restart the DNS server or reboot your computer.

Event ID 3221225879 — The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}. The event data is the error code. Restart the DNS server or reboot your computer.

Message #

The DNS server could not bind a User Datagram Protocol (UDP) socket to {param1}. The event data is the error code. Restart the DNS server or reboot your computer.

Fields #

Name	Description
`param1`	—

Event ID 3221225880 — The DNS server could not open socket for address {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not open socket for address {param1}. Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parameters\ ListenAddress value in the services section of the registry and restart.)  If this is a valid IP address for this machine; make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.  For more information; see 'DNS server log reference' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225882 — The DNS server list of restricted interfaces does not contain a valid IP address for the server computer.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server list of restricted interfaces does not contain a valid IP address for the server computer. The DNS server will use all IP interfaces on the machine.  Use the DNS manager server properties; interfaces dialog; to verify and reset the IP addresses the DNS server should listen on.  For more information; see 'To restrict a DNS server to listen only on selected addresses' in the online Help.

Event ID 3221225972 — The DNS server has detected that the zone {param1} has invalid or corrupted registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the zone {param1} has invalid or corrupted registry data.  To correct the problem; you can delete the applicable zone subkey; located under DNS server parameters in the registry. You can then recreate the zone using the DNS console.  For more information; see 'Tuning advanced server parameters' and 'Add and Remove Zones' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225973 — The DNS server has detected that the zone {param1} has a missing or corrupted zone type in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the zone {param1} has a missing or corrupted zone type in registry data.  To correct the problem; you can delete the applicable zone subkey; located under DNS server parameters in the registry.   You can then recreate the zone using the DNS console.  For more information; see 'Tuning advanced server parameters' and 'Add and Remove Zones' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225974 — The DNS server has detected that for the primary zone {param1} its has no zone file name stored in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that for the primary zone {param1} its has no zone file name stored in registry data.  You can either update the zone file name or delete the zone and recreate it using the DNS console.  To delete the applicable zone from the registry; locate its subkey under DNS server parameters in the registry.  You can then recreate the zone using the DNS console.  For more information; see 'To change a zone file name'; 'Tuning advanced server parameters' and 'Add and Remove Zones' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225975 — The DNS server has detected that the secondary zone {param1} has no master IP addresses in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has detected that the secondary zone {param1} has no master IP addresses in registry data.  Secondary zones require at least one master server to act as a source.  You can add or update the IP address for the master server for this zone using the DNS console.  For more information; see 'To update the master server for a secondary zone' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225976 — The DNS server could not create zone {param1} from registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not create zone {param1} from registry data.  One or more of the zone registry key values could be corrupted or the zone file is missing. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information; see 'Configure zone properties' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225977 — The DNS server zone {param1} has invalid or corrupted registry data for {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server zone {param1} has invalid or corrupted registry data for {param2}. Use the DNS console to replace or repair any corrupted registry key values or confirm that the zone database is available.  For more information; see the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221225978 — The DNS server has invalid or corrupted registry parameter {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has invalid or corrupted registry parameter {param1}.  To correct the problem; you can delete the applicable registry value; located under DNS server parameters in the registry.  You can then recreate it using the DNS console.  For more information; see the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221225979 — The DNS server encountered invalid or corrupted forwarder parameters in registry data.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid or corrupted forwarder parameters in registry data.  To fix the forwarders: 	 - connect to or open this server in DNS Manager 	 - bring up server properties 	 - open 'Forwarders' tab 	 - reset forwarders information to desired values 	 - click OK  For more information; see the online Help.

Event ID 3221226179 — The DNS server is not root authoritative and no root hints were specified in the cache.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is not root authoritative and no root hints were specified in the cache.dns file. Where the server is not a root server; this file must specify root hints in the form of at least one name server (NS) resource record; indicating a root DNS server and a corresponding host (A) resource record for that root DNS server.  Otherwise; the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones.  To correct this problem; use the DNS console to update the server root hints.  For more information; see the online Help.

Event ID 3221226472 — The DNS server could not open the file {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not open the file {param1}. Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

Message #

The DNS server could not open the file {param1}.  Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code.

Fields #

Name	Description
`param1`	—

Event ID 3221226473 — The DNS server could not map file {param1} to memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not map file {param1} to memory. Either close other applications that are not in use or reboot the computer to reclaim additional memory for the server to use.

Message #

The DNS server could not map file {param1} to memory.  Either close other applications that are not in use or reboot the computer to reclaim additional memory for the server to use.

Fields #

Name	Description
`param1`	—

Event ID 3221226475 — The DNS server could not find or open the root hints file; Cache.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not find or open the root hints file; Cache.dns; in the %SystemRoot%\System32\Dns directory.  Verify that this file is located in this directory and that it contains at least one name server (NS) resource record; indicating a root DNS server and a corresponding host (A) resource record for that server.  For more information; see the online Help.

Event ID 3221226476 — The DNS server could not find or open zone file {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not find or open zone file {param1}. in the %SystemRoot%\System32\Dns directory. Verify that the zone file is located in this directory and that it contains valid data.

Message #

The DNS server could not find or open zone file {param1}.  in the %SystemRoot%\System32\Dns directory.  Verify that the zone file is located in this directory and that it contains valid data.

Fields #

Name	Description
`param1`	—

Event ID 3221226480 — The DNS server was unable to create the path for file {param1} in directory {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to create the path for file {param1} in directory {param2}. The specified path is too long. Choose a different path.

Message #

The DNS server was unable to create the path for file {param1} in directory {param2}. The specified path is too long.  Choose a different path.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226672 — The DNS server could not find or open boot file {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not find or open boot file {param1}. This file should be called 'Boot' and be located in the %SystemRoot%\System32\Dns directory.

Message #

The DNS server could not find or open boot file {param1}.  This file should be called 'Boot' and be located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—

Event ID 3221226673 — The DNS server could not create zone {param1} specified in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not create zone {param1} specified in file {param2} at line {param3}.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226675 — The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a 'forwarders' directive in with no forwarding addresses in file {param1} at line {param2}.  Although the DNS server will continue running it will not be able to forward unresolved queries to the forwarders.  To correct the problem; in the DNS console select the server in the console tree; then from the Action menu; click Properties and click the Forwarders tab.  Add IP addresses for forwarders.  For more information; see 'Using forwarders' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226677 — The DNS server encountered an unknown boot option {param1} in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unknown boot option {param1} in file {param2} at line {param3}. The option is ignored.  You may want to remove it the option from the boot file which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226678 — DNS server encountered missing database directory name; in file {param1}; line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

DNS server encountered missing database directory name; in file {param1}; line {param2}.

Message #

DNS server encountered missing database directory name; in file {param1}; line {param2}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226973 — The DNS server could not parse zone file {param1} for zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not parse zone file {param1} for zone {param2}. Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Message #

The DNS server could not parse zone file {param1} for zone {param2}.  Check that the zone file is located in the %SystemRoot%\System32\Dns directory and that it contains valid data.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226974 — The DNS server could not parse the token '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not parse the token '{param1}' in zone file {param2} at line {param3}. Although the DNS server will continue to load; ignoring this token; it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226975 — The DNS server could not parse the zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not parse the zone file {param1} at line {param2}.  Although the DNS server continues to load; ignoring this line; it is recommended that you either correct the line or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226976 — The DNS server could not parse an unexpected token '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not parse an unexpected token '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this token; it is recommended that you either correct the token or remove the resource record from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226977 — The DNS server unexpected end of line; in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server unexpected end of line; in zone file {param1} at line {param2}. To correct the problem; fix this line in the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Message #

The DNS server unexpected end of line; in zone file {param1} at line {param2}.  To correct the problem; fix this line in the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226978 — The DNS server encountered invalid token '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid token '{param1}' in zone file {param2} at line {param3}. Although the DNS server continues to load; ignoring this token; it is recommended that you either correct the token or remove this resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226979 — The DNS server encountered invalid class token '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid class token '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct the class of the RR to use the Internet (IN) class or remove the resource record from the zone file. The DNS server supports only the Internet (IN) class in RRs.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221226980 — The DNS server is ignoring an invalid resource record in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server is ignoring an invalid resource record in zone file {param1} at line {param2}. See the previously logged event for a description of the error. Although the DNS server continues to load; ignoring this RR; it is recommended that you investigate the error associated with this record and either correct it or remove it from the zone file.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221226996 — DNSSEC signatures with key tag {param1}; associated with records in zone {param2}; have expired.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

DNSSEC signatures with key tag {param1}; associated with records in  zone {param2}; have expired.  Name resolution will fail for resolvers that require validation until new signatures are created.  To create new signatures; re-sign the zone.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227012 — The DNS server unable to create domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server unable to create domain node.

Message #

The DNS server unable to create domain node.

Event ID 3221227013 — The DNS server encountered invalid domain name '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid domain name '{param1}' in zone file {param2} at line {param3}. Although the DNS server continues to load; ignoring this name; it is strongly recommended that you either correct the name or remove the resource record from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227014 — The DNS server encountered invalid domain name '{param1}'.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered invalid domain name '{param1}'.

Message #

The DNS server encountered invalid domain name '{param1}'.

Fields #

Name	Description
`param1`	—

Event ID 3221227015 — The DNS server encountered domain name '{param1}' exceeding maximum length.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered domain name '{param1}' exceeding maximum length. Although the DNS server continues to load; ignoring this name; it is recommended that you either correct the name or remove the resource record from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—

Event ID 3221227016 — The DNS server encountered an invalid '@' token '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid '@' token '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this token; it is recommended that you either correct the token or remove the resource record from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227017 — The DNS server encountered a name outside of the specified zone in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a name outside of the specified zone in zone file {param1} at line {param2}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct the RR or remove it from the zone file; which is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227018 — The DNS server encountered an invalid name server (NS) resource record in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid name server (NS) resource record in zone file {param1} at line {param2}.  The use of NS resource records (RR) must be at either the zone root node or be placed at at the sub-zone context within the zone for a domain being delegated away from this zone. Although the DNS server continues to load; ignoring this RR; it is recommended that you either correct the RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information; see 'Delegating zones' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227019 — The DNS server encountered an invalid host (A) resource record in zone file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid host (A) resource record in zone file {param1} at line {param2}.  The use of A resource records (RRs) must be at a domain name within the zone; with the exception of glue A RRs which are used to resolve the host name specified in an NS RR also contained at the same domain node and used for a zone delegation.  Although the DNS server continues to load; ignoring this RR; it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.  For more information; see 'Delegating zones' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227072 — The DNS server encountered an unknown or unsupported resource record (RR) type {param1} in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unknown or unsupported resource record (RR) type {param1} in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this RR; it is recommended that you either correct the record type or remove this RR from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227074 — The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid SOA (Start Of Authority) resource record (RR) in file {param1} at line {param2}. An SOA record is required in every zone files and must satify the following conditions:  1)  The SOA record must be the first record in the zone file.  2)  The SOA record must belong to the root of the zone ('@' in zone file).  3)  Only one SOA is allowed in the zone.  4)  SOA records are NOT valid in root-hints (cache.dns) file.  To correct the problem modify or repair the SOA RR in zone file {param1}; which can be found in the %SystemRoot%\System32\Dns directory. For more information; see the 'Resource records reference' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227082 — The DNS server encountered a resource record (RR) in the zone file {param1} at line {param2} for a domain name with an existing CNAME (alias) RR.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a resource record (RR) in the zone file {param1} at line {param2} for a domain name with an existing CNAME (alias) RR.  Where used; CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this RR; or the CNAME RR it conflicts with; needs to be deleted from zone file {param1}; which can be found in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227083 — The DNS server encountered a CNAME (alias) resource record (RR) in zone file {param1} at line {param2} for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a CNAME (alias) resource record (RR) in zone file {param1} at line {param2} for a domain name with existing RRs.  Where used; CNAME RRs must be the only RR for the domain name they are used to provide an alias for.  Either this CNAME RR; or the one it conflicts with; needs to be deleted from zone file {param1}; which can be found in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227084 — The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file {param1} at line {param2} that forms an alias loop with anot...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an alias (CNAME or DNAME) resource record (RR) in zone file {param1} at line {param2} that forms an alias loop with another alias RR in the zone.  One of the alias RRs forming the loop must be removed from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227085 — The DNS server encountered an invalid preference value '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid preference value '{param1}' in zone file {param2} at line {param3}.  The preference must be a valid 16-bit unsigned integer. To correct the problem; modify the preference field to a valid value. The zone file {param2} is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227086 — The DNS server encountered a token '{param1}' of the wrong format in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a token '{param1}' of the wrong format in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct this RR or remove it from zone file {param2}; located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227088 — The DNS server encountered a text string '{param1}' in zone file {param2} at line {param3} that exceeds the maximum permissible length.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a text string '{param1}' in zone file {param2} at line {param3} that exceeds the maximum permissible length.  Although the DNS server continues to load; ignoring this resource record (RR); it is strongly recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227089 — The DNS server encountered an invalid IP address '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid IP address '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227090 — The DNS server encountered an invalid IPv6 address '{param1}' in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid IPv6 address '{param1}' in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this resource record (RR); it is recommended that you either correct this RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227091 — The DNS server could not find protocol '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {pa...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not find protocol '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this RR; it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227092 — The DNS server could not find the service '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line ...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not find the service '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}. Although the DNS server continues to load; ignoring this RR; it is recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227093 — The DNS server encountered the port '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered the port '{param1}' specified for the well known service (WKS) resource record (RR) in zone file {param2} at line {param3}. This port exceeds the maximum port supported for the WKS RR.  Although the DNS server continues to load; ignoring this RR; it is strongly recommended that you either correct this WKS RR or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227122 — The DNS server encountered invalid WINS record in file {param1}; line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered invalid WINS record in file {param1}; line {param2}.  WINS records are subject to the following conditions:   1) WINS record must be in forward lookup zone (not in in-addr.arpa domain).   2) Only one WINS record may be specified in a zone file.   3) WINS record must belong to the zone root (the WINS record name must be the origin of the zone).  If WINS lookup is desired for names in a sub-domain of the zone; then the sub-domain must be split into its own zone.   4) WINS record must specify at least one WINS server.  The format of a WINS record: WINS [LOCAL] [L<lookup timeout>] [C<cache timeout>] <WINS IP> [WINS IPs...]  Examples (zone root assumed to be current origin): @ IN       WINS LOCAL L1 C10 10.10.10.1 10.10.10.2 10.10.10.3 @ IN       WINS 10.10.10.1  For more information; see 'Using WINS lookup' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227123 — The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file {param1} at line {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an invalid WINS reverse lookup (WINSR) resource record (RR) in file {param1} at line {param2}.  WINSR records are subject to the following conditions:   1) WINSR record must be in reverse lookup zone (under in-addr.arpa domain).   2) Only one WINSR record may be specified in a zone file.   3) WINSR record must belong to the zone root (the WINS record name must be the origin of the zone).   4) WINSR record must specify at domain for the resulting name.  The format of a WINSR record: WINSR [LOCAL] [L<lookup timeout>] [C<cache timeout>] <result domain>  Examples (zone root assumed to be current origin): @ IN       WINSR LOCAL L1 C10 microsoft.com. @ IN       WINSR wins.microsoft.com.  For more information; see 'Using WINS lookup' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227126 — The DNS server encountered an unknown WINS-to-DNS mapping flag {param1} in file {param2} at line {param3}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an unknown WINS-to-DNS mapping flag {param1} in file {param2} at line {param3}.  Although the DNS server continues to load; ignoring this flag; it is recommended that you either correct the associated resource record or remove it from the zone file.  The zone file is located in the %SystemRoot%\System32\Dns directory.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221227128 — The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file {param1} ...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered a WINS reverse lookup (WINSR) resource record (RR) without a domain specified for resulting names in zone file {param1} at line {param2}.  This field is required for mapping names that are found in WINS reverse lookup to fully-qualfied DNS domain names.  It is appended to the NetBIOS computer names resolved by NetBIOS adapter status queries. Although the DNS server will continue to load; ignoring this RR; it is recommended that you either correct the WINSR RR or disable WINS reverse lookup and/or remove the RR from the zone file. The zone file is located in the %SystemRoot%\System32\Dns directory. For more information; see 'Using WINS lookup' in the online Help.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221227475 — The DNS server encountered an error writing current configuration back to boot file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server encountered an error writing current configuration back to boot file. Verify that the current boot file contains all of the desired information. The Boot file is located in the %SystemRoot%\System32\Dns directory.

Event ID 3221227672 — The DNS server could not open a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not open a registry key. Reinstall the DNS server if it was not able to be started. If the DNS server started; but couldn't load a zone; reload the zone or restart the DNS server.

Message #

The DNS server could not open a registry key.  Reinstall the DNS server if it was not able to be started.  If the DNS server started; but couldn't load a zone; reload the zone or restart the DNS server.

Event ID 3221227674 — The DNS server could not write a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not write a registry key.  The server disk could be full or corrupted or the maximum permissible size for the server registry has been reached.  The DNS server will not be able to save server or zone configuration parameters to in the registry unless the problem is fixed.

Event ID 3221227675 — The DNS server could not delete a registry key.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not delete a registry key.  The registry is likely corrupted.  The DNS server will not be able to save DNS server or zone configuration parameters in the registry unless the problem is fixed.

Event ID 3221227676 — The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\{param1} contains an invalid value or could not be read. The DNS server cannot start. You must change this value to valid data or delete it and then attempt to restart the DNS service.

Fields #

Name	Description
`param1`	—

Event ID 3221228623 — The DNS server unable to write zone file {param1} for zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server unable to write zone file {param1} for zone {param2}. Most likely the server disk is full. Free some disk space and re-initiate zone write.

Message #

The DNS server unable to write zone file {param1} for zone {param2}.  Most likely the server disk is full.  Free some disk space and re-initiate zone write.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221228624 — The DNS server was unable to open file {param1} for write.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to open file {param1} for write. Most likely the file is a zone file that is already open. Close the zone file and re-initiate zone write.

Message #

The DNS server was unable to open file {param1} for write.  Most likely the file is a zone file that is already open.  Close the zone file and re-initiate zone write.

Fields #

Name	Description
`param1`	—

Event ID 3221228625 — The DNS server encountered an error writing to file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an error writing to file. Most likely the server disk is full. Free some disk space at the server and re-initiate zone write. The event data is the error code.

Message #

The DNS server encountered an error writing to file.  Most likely the server disk is full.  Free some disk space at the server and re-initiate zone write. The event data is the error code.

Event ID 3221228632 — The DNS server encountered an non-writeable or unknown resource record (RR) type when writing the zone database to file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an non-writeable or unknown resource record (RR) type when writing the zone database to file. The event data is applicable RR type.

Message #

The DNS server encountered an non-writeable or unknown resource record (RR) type when writing the zone database to file. The event data is applicable RR type.

Event ID 3221228634 — The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file. The event data is applicable the protocol number.

Message #

The DNS server encountered an unknown protocol writing a well known service (WKS) resource record to the zone file. The event data is applicable the protocol number.

Event ID 3221228635 — While writing a well known service (WKS) record to the zone file; the DNS server encountered a port number that is not associated with a known serv...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

While writing a well known service (WKS) record to the zone file; the DNS server encountered a port number that is not associated with a known service. The event data is the port number of the unknown service.

Event ID 3221229472 — The DNS server was unable to open Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Event ID 3221229473 — The DNS server was unable to open zone {param1} in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to open zone {param1} in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields #

Name	Description
`param1`	—

Event ID 3221229474 — The DNS server was unable to add zone {param1} to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to add zone {param1} to the Active Directory.  Check that the Active Directory is available.  Note that the zone will not be be added to and written to the directory unless you re-attempt adding the zone using the DNS console.  The event data contains the error. For more information see 'Add and Remove Zones' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221229475 — The DNS server was unable to delete zone {param1} in the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to delete zone {param1} in the Active Directory.  Check that the Active Directory is functioning properly.  Note that this zone will not be removed from the directory unless you retry deleting of the zone using the DNS console. The event data contains the error. For more information see 'Add and Remove Zones' in the online Help.

Fields #

Name	Description
`param1`	—

Event ID 3221229476 — The DNS server was unable to complete directory service enumeration of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to complete directory service enumeration of zone {param1}.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is '{param2}'. The event data contains the error.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221229478 — The DNS server could not load the records for the DNS name {param1} found in the Active Directory integrated zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server could not load the records for the DNS name {param1} found in the Active Directory integrated zone {param2}. A possible cause is that this DNS name contains character(s) not permitted by the name-checking setting on this DNS server.  To allow these records to be loaded choose the appropriate name-checking  setting on the DNS server.  To delete these records from the Active Directory; first allow the DNS server to load them by changing the name-checking setting on this DNS server to allow all names. Then restart the DNS server service to cause the records to be loaded. The records will now appear in the DNS Manager and may be deleted. When the records have been deleted; restore the DNS server name-checking setting to the preferred value.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221229479 — The DNS server was unable to open zone {param1} in the Active Directory from the application directory partition {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to open zone {param1} in the Active Directory from the application directory partition {param2}. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221229482 — The DNS server was unable to create a resource record for {param1} in zone {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to create a resource record for  {param1} in zone {param2}. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221229483 — The DNS server was unable to add or write an update of domain name {param1} in zone {param2} to the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server was unable to add or write an update of domain name {param1} in zone {param2} to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is '{param3}'. The event data contains the error.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221229484 — The DNS server timed out attempting to write resource records to the Active Directory at {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server timed out attempting to write resource records to the Active Directory at {param1}.  Check that the directory is functioning properly and add or update the records using the DNS console. The event data contains the error.

Fields #

Name	Description
`param1`	—

Event ID 3221229486 — The DNS server was unable to initialize Active Directory security interfaces.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

Message #

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

Event ID 3221229487 — The DNS server has encountered a critical error from the Active Directory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is '{param1}'. The event data contains the error.

Fields #

Name	Description
`param1`	—

Event ID 3221229488 — The DNS server timed out attempting an Active Directory service operation on {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server timed out attempting an Active Directory service operation on {param1}. Check Active Directory to see that it is functioning properly. The event data contains the error.

Message #

The DNS server timed out attempting an Active Directory service operation on {param1}.  Check Active Directory to see that it is functioning properly. The event data contains the error.

Fields #

Name	Description
`param1`	—

Event ID 3221229983 — The zone {param1} was not successfully saved to the new directory partition as {param2} due to an error deleting the zone from the old directory pa...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The zone {param1} was not successfully saved to the new directory partition as {param2} due to an error deleting the zone from the old directory partition as {param3}.  The DNS Server has attempted to undo the changes; but manual cleanup of the zone may be required. The event data contains the error code.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221230577 — The DNS server attempted to cache an CNAME (alias) resource record for the domain node.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server attempted to cache an CNAME (alias) resource record for the domain node. The operation failed; since the CNAME RR must be the only RR for its domain name.

Message #

The DNS server attempted to cache an CNAME (alias) resource record for the domain node.  The operation failed; since the CNAME RR must be the only RR for its domain name.

Event ID 3221230578 — The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs. The CNAME RR is ignored; since it must be the only RR for its domain name.

Message #

The DNS server attempted to cache an CNAME (alias) resource record (RR) for a domain name with existing RRs.  The CNAME RR is ignored; since it must be the only RR for its domain name.

Event ID 3221230579 — The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server created CNAME (alias) loop caching CNAME resource records (RRs). The record is ignored; since CNAME loops are not allowed.

Message #

The DNS server created CNAME (alias) loop caching CNAME resource records (RRs).  The record is ignored; since CNAME loops are not allowed.

Event ID 3221230580 — The DNS server created an CNAME (alias) loop loading CNAME at {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

The DNS server created an CNAME (alias) loop loading CNAME at {param1}. One link in CNAME loop:  DNS name {param2} is an alias for CNAME {param3}. See adjoining messages for other links in the CNAME loop.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221231996 — Invalid response from master DNS server at {param2} during attempted zone transfer of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Invalid response from master DNS server at {param2} during attempted zone transfer of zone {param1}.  Check the DNS server at {param2} and ensure that it is authoritative for this zone.  This can be done by viewing or updating the list of authoritative servers for the zone.  When using the DNS console; select zone {param1} Properties at server {param2} and click the Name Servers tab.  If needed; you can add or update this server in the list there.  As an alternative solution; you could also modify settings in the Zone Transfer tab to allow transfer of the zone to this and other DNS servers.

Fields #

Name	Description
`param2`	—
`param1`	—

Event ID 3221231997 — A zone transfer request for the secondary zone {param1} was refused by the master DNS server at {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

A zone transfer request for the secondary zone {param1} was refused by the master DNS server at {param2}. Check the zone at the master server {param2} to verify that zone transfer is enabled to this server.  To do so; use the DNS console; and select master server {param2} as the applicable server; then in secondary zone {param1} Properties; view the settings on the Zone Transfers tab.  Based on the settings you choose; make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221231999 — Zone {param1} expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

Zone {param1} expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.

Message #

Zone {param1} expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone has been shut down.

Fields #

Name	Description
`param1`	—

Event ID 3221232002 — During transfer of zone {param1} from master at {param2}; the DNS server received a resource record (RR) for domain node {param3} at which an CNAME...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

During transfer of zone {param1} from master at {param2}; the DNS server received a resource record (RR) for domain node {param3} at which an CNAME (alias) RR was already received.  When used; the CNAME RR must be the only record for its domain name.  The CNAME RR for {param3} will be ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221232003 — During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} for...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} for which other records of that name were already received.  When used; the CNAME RR must be the only record for its domain name.  The CNAME RR for {param3} will be ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221232004 — During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} whi...

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

During transfer of zone {param1} from master at {param2}; the DNS server received a CNAME (alias) resource record (RR) for domain node {param3} which would form an CNAME loop if accepted and used.  The CNAME RR for {param3} is being ignored.

Fields #

Name	Description
`param1`	—
`param2`	—
`param3`	—

Event ID 3221232005 — The DNS server could not create a zone transfer thread.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not create a zone transfer thread. The system may be out of resources. Close any applications not in use or reboot the computer to free memory. The event data contains the error.

Message #

The DNS server could not create a zone transfer thread.  The system may be out of resources.  Close any applications not in use or reboot the computer to free memory. The event data contains the error.

Event ID 3221232006 — Failed transfer of zone {param1} from DNS server at {param2}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Failed transfer of zone {param1} from DNS server at {param2}.  The DNS server at {param2} aborted or failed to complete transfer of the zone.  Check the DNS server at {param2} and ensure it is properly functioning and authoritative for zone {param1}.

Fields #

Name	Description
`param1`	—
`param2`	—

Event ID 3221232008 — Invalid IXFR (Incremental Zone Transfer) response from master DNS server at {param2} during attempted incremental transfer of zone {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

Invalid IXFR (Incremental Zone Transfer) response from master DNS server at {param2} during attempted incremental transfer of zone {param1}.  Check the DNS server at {param2}; and verify its is running as a Windows 2000 or later Microsoft DNS server or  another IXFR-compatible DNS server implementation.

Fields #

Name	Description
`param2`	—
`param1`	—

Event ID 3221232174 — DNS server has updated its own host (A) records.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Message #

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server; an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update; the record data is the error code.  If this DNS server does not have any DS-integrated peers; then this error should be ignored.  If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server; they will be unable to replicate with it.  To ensure proper replication: 1) Find this server's Active Directory replication partners that run the DNS server. 2) Open DnsManager and connect in turn to each of the replication partners. 3) On each server; check the host (A record) registration for THIS server. 4) Delete any A records that do NOT correspond to IP addresses of this server. 5) If there are no A records for this server; add at least one A record corresponding to an address on this server; that the replication partner can contact.  (In other words; if there multiple IP addresses for this DNS server; add at least one that is on the same network as the Active Directory DNS server you are updating.) 6) Note; that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

Event ID 3221232522 — The DNS server recv() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server recv() function failed. The event data contains the error.

Message #

The DNS server recv() function failed. The event data contains the error.

Event ID 3221232523 — The DNS server recvfrom() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server recvfrom() function failed. The event data contains the error.

Message #

The DNS server recvfrom() function failed. The event data contains the error.

Event ID 3221232524 — The DNS server send() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server send() function failed. The event data contains the error.

Message #

The DNS server send() function failed. The event data contains the error.

Event ID 3221232525 — The DNS server sendto() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server sendto() function failed. The event data contains the error.

Message #

The DNS server sendto() function failed. The event data contains the error.

Event ID 3221232526 — The DNS server select() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server select() function failed. The event data contains the error.

Message #

The DNS server select() function failed. The event data contains the error.

Event ID 3221232527 — The DNS server accept() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server accept() function failed. The event data contains the error.

Message #

The DNS server accept() function failed. The event data contains the error.

Event ID 3221232528 — The DNS server GetQueuedCompletionStatus() function failed.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server GetQueuedCompletionStatus() function failed. The event data contains the error.

Message #

The DNS server GetQueuedCompletionStatus() function failed. The event data contains the error.

Event ID 3221232974 — The DNS server was unable to service a client request due a shortage of available memory.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server was unable to service a client request due a shortage of available memory. Close any applications not in use or reboot the computer to free memory.

Message #

The DNS server was unable to service a client request due a shortage of available memory.  Close any applications not in use or reboot the computer to free memory.

Event ID 3221232975 — The DNS server could not allocate memory for resource record {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not allocate memory for resource record {param1}. Close any applications not in use or reboot the computer to free memory.

Message #

The DNS server could not allocate memory for resource record {param1}. Close any applications not in use or reboot the computer to free memory.

Fields #

Name	Description
`param1`	—

Event ID 3221232976 — The DNS server could not allocate memory for the node of domain name {param1}.

Provider: Microsoft-Windows-DNS-Server-Service
Channel: DNS Server

Description

The DNS server could not allocate memory for the node of domain name {param1}. Close any applications not in use or reboot the computer to free memory.

Message #

The DNS server could not allocate memory for the node of domain name {param1}. Close any applications not in use or reboot the computer to free memory.

Fields #

Name	Description
`param1`	—