DNS server log reference

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

DNS server log reference

The following is a partial list of events recorded in the DNS server log. You can view this log by using the DNS console after the DNS Server service is installed on the server computer. For more information, see View the DNS server system event log.

Event ID Description


The DNS server has started.

This message generally appears at startup when either the server computer is started or the DNS Server service is manually started. For more information, see Start or stop a DNS server.


The DNS server has shut down.

This message generally appears when either the server computer is shut down or the DNS Server service is stopped manually.


The DNS server could not open socket for address [IPaddress]. Verify that this is a valid IP address for the server computer.

To correct the problem, you can do the following:

  • If the specified IP address is not valid, remove it from the list of restricted interfaces for the server and restart the server. For more information, see Restrict a DNS server to listen only on selected addresses.

  • If the specified IP address is no longer valid and was the only address enabled for the DNS server to use, the server might not have started as a result of this configuration error. To correct this problem, delete the following value from the registry and restart the DNS server:


  • If this is a valid IP address for the server computer, verify that no other application that would attempt to use the same DNS server port (such as another DNS server application) is running. By default, DNS uses TCP port 53.


The DNS server will send requests to other DNS servers on a port other than its default port (TCP port 53).

This DNS server is multihomed and has been configured to restrict DNS Server service to only some of its configured IP addresses. For this reason, there is no assurance that DNS queries made by this server to other remote DNS servers will be sent using one of the IP addresses enabled for the DNS server.

This might prevent query answer responses returned by these servers from being received on the DNS port that the server is currently configured to use. To avoid this problem, The DNS server sends queries to other DNS servers using an arbitrary non-DNS port, and the response is received regardless of the IP address used.

If you want to limit the DNS server to using only its configured DNS port for sending queries to other DNS servers, use the DNS console to perform one of the following changes in server properties configuration on the Interfaces tab:

  1. Either select All IP addresses to enable the DNS server to listen on all configured server IP addresses

  2. Or, if you continue to select and use Only the following IP addresses, limit the IP address list to a single server IP address.

For more information, see Restrict a DNS server to listen only on selected addresses.


The server computer currently has no primary DNS suffix configured. Its DNS name is currently a single label host name. For example, its currently configured name is "host" rather than "host.example.microsoft.com" or another fully qualified name.

While the DNS server has only a single label name, default resource records created for its configured zones use only this single label name when mapping the host name for this DNS server. This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.

In general, the DNS server should be reconfigured with a full DNS computer name appropriate for its domain or workgroup use on your network.


The DNS server did not detect any zones of either primary or secondary type. It will run as a caching-only server but will not be authoritative for any zones.

For more information, see Using caching-only servers.


The DNS server wrote a new version of zone [zonename] to file [filename]. You can view the new version number by clicking the Record Data tab.

This event should only appear if the DNS server is configured to operate as a root server. For more information, see DNS-related files.


Zone [zonename] expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.

This event ID might appear when the DNS server is configured to host a secondary copy of the zone from another DNS server acting as its source or master server. Verify that this server has network connectivity to its configured master server.

If the problem continues, consider one or more of the following options:

  1. Delete the zone and recreate it, specifying either a different master server, or an updated and corrected IP address for the same master server.

    For more information, see Add and Remove Zones.

  2. If zone expiration continues, consider adjusting the expire interval.

    For more information, see Adjust the expire interval for a zone.

For more information, see Understanding zones and zone transfer.

For more information about all other messages not described in this topic, refer directly to the message text itself as it appears in the DNS server event log.


  • Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.