DNS2016

Alerts

DisplayName	Type	Description
AlertRule-Dns-2016-10	Log	Service.DependencyFailed
AlertRule-Dns-2016-1000	Log	Configuration.FileOpenError
AlertRule-Dns-2016-1004	Log	Configuration.CouldNotOpenDatabase
AlertRule-Dns-2016-1200	Log	Configuration.BootFileNotFound
AlertRule-Dns-2016-1201	Log	Configuration.ZoneCreationFailed
AlertRule-Dns-2016-1203	Log	Configuration.NoForwardingAddresses
AlertRule-Dns-2016-131	Log	WINSConnector.Initialize.Failed
AlertRule-Dns-2016-140	Log	RPC.Initialize.Failed
AlertRule-Dns-2016-150	Log	Configuration.PluginInitFailed
AlertRule-Dns-2016-1540	Log	Configuration.DomainNodeCreationError
AlertRule-Dns-2016-4000	Log	ADI.OpenFailed
AlertRule-Dns-2016-4006	Log	ADI.LoadFailed
AlertRule-Dns-2016-4007	Log	ADI.OpenPartitionFailed
AlertRule-Dns-2016-4010	Log	ADI.RecordLoadFailed
AlertRule-Dns-2016-4011	Log	ADI.WriteFailed
AlertRule-Dns-2016-4012	Log	ADI.WriteTimeout
AlertRule-Dns-2016-4014	Log	ADI.SecurityInterfaceFailed
AlertRule-Dns-2016-4015	Log	ADI.InterfaceError
AlertRule-Dns-2016-4016	Log	ADI.LDAPTimeout
AlertRule-Dns-2016-4017	Log	ADI.DNSAdminsError
AlertRule-Dns-2016-408	Log	Configuration.OpenSocketForAddress
AlertRule-Dns-2016-409	Log	Configuration.UpdateListenAddresses
AlertRule-Dns-2016-410	Log	Configuration.InvalidListenAddresses
AlertRule-Dns-2016-414	Log	Configuration.SingleLabelHostname
AlertRule-Dns-2016-4510	Log	ADI.FSMOUnavailable
AlertRule-Dns-2016-4511	Log	ADI.DeleteError
AlertRule-Dns-2016-4512	Log	ADI.PartitionCreateError
AlertRule-Dns-2016-501	Log	Configuration.InvalidZoneType
AlertRule-Dns-2016-502	Log	Configuration.NoZoneFile
AlertRule-Dns-2016-503	Log	Configuration.SecondaryRequiresMasters
AlertRule-Dns-2016-504	Log	Configuration.RegZoneCreationFailed
AlertRule-Dns-2016-5051	Log	Service.Memory.Warning
AlertRule-Dns-2016-6527	Log	Configuration.ZoneExpiration
AlertRule-Dns-2016-6702	Log	Configuration.UpdateDSPeersFailure
AlertRule-Dns-2016-706	Log	RootHints.NoRootNameServer
AlertRule-Dns-2016-7060	Log	Service.ConnectionError
AlertRule-Dns-2016-7616	Log	DNSSEC.TALoadFailed
AlertRule-Dns-2016-7636	Log	DNSSEC.TPDeleted
AlertRule-Dns-2016-7642	Log	DNSSEC.InvalidTA
AlertRule-Dns-2016-7644	Log	DNSSEC.TARefreshFailed
AlertRule-Dns-2016-777	Log	DNSSEC.ZoneUnSignFailure
AlertRule-Dns-2016-111	Log	Service.ThreadCreationFailed
AlertRule-Dns-2016-4018	Log	ADI.BackgroundLoadFailure
AlertRule-Dns-2016-4513	Log	ADI.EnlistmentFailed
AlertRule-Dns-2016-4520	Log	ADI.RetryableZoneOperationFailed
AlertRule-Dns-2016-707	Log	RootHints.CacheFileError
AlertRule-Dns-2016-7692	Log	Server.EDNS0.ZoneTransfer.OptionInvalid
AlertRule-Dns-2016-796	Log	ClientSubnet.LoadFail
AlertRule-Dns-2016-2200	Log	Configuration.RegistryOperationFailed
AlertRule-Dns-2016-7502	Log	Service.Memory.Error
AlertRule-Dns-2016-792	Log	Policy.ServerLevel.LoadFail
AlertRule-Dns-2016-1001	Log	Service.FileError
AlertRule-Dns-2016-403	Log	Service.SocketFailure
AlertRule-Dns-2016-500	Log	Configuration.InvalidRegistrySetting

Microsoft.Windows.DNSServer.2016.Service.DependencyFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (10) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=10)]]

Microsoft.Windows.DNSServer.2016.Configuration.FileOpenError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1000) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1000)]]

Microsoft.Windows.DNSServer.2016.Configuration.CouldNotOpenDatabase

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1004) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1004)]]

Microsoft.Windows.DNSServer.2016.Configuration.BootFileNotFound

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1200) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1200)]]

Microsoft.Windows.DNSServer.2016.Configuration.ZoneCreationFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1201) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1201)]]

Microsoft.Windows.DNSServer.2016.Configuration.NoForwardingAddresses

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1203) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1203)]]

Microsoft.Windows.DNSServer.2016.WINSConnector.Initialize.Failed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (131) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=131)]]

Microsoft.Windows.DNSServer.2016.RPC.Initialize.Failed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (140) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=140)]]

Microsoft.Windows.DNSServer.2016.Configuration.PluginInitFailed

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (150) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=150)]]

Microsoft.Windows.DNSServer.2016.Configuration.DomainNodeCreationError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1540) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1540)]]

Microsoft.Windows.DNSServer.2016.ADI.OpenFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4000) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4000)]]

Microsoft.Windows.DNSServer.2016.ADI.LoadFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4006) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4006)]]

Microsoft.Windows.DNSServer.2016.ADI.OpenPartitionFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4007) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4007)]]

Microsoft.Windows.DNSServer.2016.ADI.RecordLoadFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4010) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4010)]]

Microsoft.Windows.DNSServer.2016.ADI.WriteFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4011) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4011)]]

Microsoft.Windows.DNSServer.2016.ADI.WriteTimeout

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4012) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4012)]]

Microsoft.Windows.DNSServer.2016.ADI.SecurityInterfaceFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4014) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4014)]]

Microsoft.Windows.DNSServer.2016.ADI.InterfaceError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4015) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4015)]]

Microsoft.Windows.DNSServer.2016.ADI.LDAPTimeout

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4016) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4016)]]

Microsoft.Windows.DNSServer.2016.ADI.DNSAdminsError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4017) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4017)]]

Microsoft.Windows.DNSServer.2016.Configuration.OpenSocketForAddress

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (408) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=408)]]

Microsoft.Windows.DNSServer.2016.Configuration.UpdateListenAddresses

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (409) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=409)]]

Microsoft.Windows.DNSServer.2016.Configuration.InvalidListenAddresses

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (410) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=410)]]

Microsoft.Windows.DNSServer.2016.Configuration.SingleLabelHostname

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (414) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=414)]]

Microsoft.Windows.DNSServer.2016.ADI.FSMOUnavailable

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4510) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4510)]]

Microsoft.Windows.DNSServer.2016.ADI.DeleteError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4511) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4511)]]

Microsoft.Windows.DNSServer.2016.ADI.PartitionCreateError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4512) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4512)]]

Microsoft.Windows.DNSServer.2016.Configuration.InvalidZoneType

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (501) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=501)]]

Microsoft.Windows.DNSServer.2016.Configuration.NoZoneFile

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (502) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=502)]]

Microsoft.Windows.DNSServer.2016.Configuration.SecondaryRequiresMasters

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (503) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=503)]]

Microsoft.Windows.DNSServer.2016.Configuration.RegZoneCreationFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (504) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=504)]]

Microsoft.Windows.DNSServer.2016.Service.Memory.Warning

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (5051) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=5051)]]

Microsoft.Windows.DNSServer.2016.Configuration.ZoneExpiration

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (6527) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=6527)]]

Microsoft.Windows.DNSServer.2016.Configuration.UpdateDSPeersFailure

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (6702) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=6702)]]

Microsoft.Windows.DNSServer.2016.RootHints.NoRootNameServer

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (706) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=706)]]

Microsoft.Windows.DNSServer.2016.Service.ConnectionError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7060) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7060)]]

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.TALoadFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7616) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7616)]]

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.TPDeleted

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7636) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7636)]]

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.InvalidTA

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7642) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7642)]]

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.TARefreshFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7644) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7644)]]

Microsoft.Windows.DNSServer.2016.Rules.DNSSEC.ZoneUnSignFailure

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (777) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=777)]]

Microsoft.Windows.DNSServer.2016.Service.ThreadCreationFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (111,6533) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=111 or EventID=6533)]]

Microsoft.Windows.DNSServer.2016.ADI.BackgroundLoadFailure

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4018,4019) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4018 or EventID=4019)]]

Microsoft.Windows.DNSServer.2016.ADI.EnlistmentFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4513,4514) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4513 or EventID=4514)]]

Microsoft.Windows.DNSServer.2016.ADI.RetryableZoneOperationFailed

Property	Value
Severity	1
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (4520,4521) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=4520 or EventID=4521)]]

Microsoft.Windows.DNSServer.2016.RootHints.CacheFileError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (707,1003) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=707 or EventID=1003)]]

Microsoft.Windows.DNSServer.2016.Rules.Server.EDNS0.ZoneTransfer.OptionInvalid

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7692,790) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7692 or EventID=790)]]

Microsoft.Windows.DNSServer.2016.Rules.ClientSubnet.LoadFail

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (796,799) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=796 or EventID=799)]]

Microsoft.Windows.DNSServer.2016.Configuration.RegistryOperationFailed

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (2200,2202,2203) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=2200 or EventID=2202 or EventID=2203)]]

Microsoft.Windows.DNSServer.2016.Service.Memory.Error

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (7502,7503,7504) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=7502 or EventID=7503 or EventID=7504)]]

Microsoft.Windows.DNSServer.2016.Rules.Policy.ServerLevel.LoadFail

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (792,795,797) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=792 or EventID=795 or EventID=797)]]

Microsoft.Windows.DNSServer.2016.Service.FileError

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (1001,1008,3151,3152,3153) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=1001 or EventID=1008 or EventID=3151 or EventID=3152 or EventID=3153)]]

Microsoft.Windows.DNSServer.2016.Service.SocketFailure

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (403,404,405,406,407) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=403 or EventID=404 or EventID=405 or EventID=406 or EventID=407)]]

Microsoft.Windows.DNSServer.2016.Configuration.InvalidRegistrySetting

Property	Value
Severity	2
Enabled	True
AutoMitigate	True
EvaluationFrequency	PT15M
WindowSize	PT15M
Type	rows
Query	Event \| where EventID in (500,505,506,507,2204) and EventLog == ‘DNS Server’
Threshold	N/A
xPathQuery	DNS Server!*[System[Provider[@Name=‘Microsoft-Windows-DNS-Server-Service’] and (EventID=500 or EventID=505 or EventID=506 or EventID=507 or EventID=2204)]]

Performance Counters

Performance Counter
\DNS\AXFR Request Received
\DNS\AXFR Request Sent
\DNS\AXFR Response Received
\DNS\AXFR Success Received
\DNS\AXFR Success Sent
\DNS\Caching Memory
\DNS\Data Flush Pages/sec
\DNS\Data Flushes/sec
\DNS\Database Node Memory
\DNS\Dynamic Update NoOperation
\DNS\Dynamic Update NoOperation/sec
\DNS\Dynamic Update Queued
\DNS\Dynamic Update Received
\DNS\Dynamic Update Received/sec
\DNS\Dynamic Update Rejected
\DNS\Dynamic Update TimeOuts
\DNS\Dynamic Update Written to Database
\DNS\Dynamic Update Written to Database/sec
\DNS\IXFR Request Received
\DNS\IXFR Request Sent
\DNS\IXFR Response Received
\DNS\IXFR Success Received
\DNS\IXFR Success Sent
\DNS\IXFR TCP Success Received
\DNS\IXFR UDP Success Received
\DNS\Nbstat Memory
\DNS\Notify Received
\DNS\Notify Sent
\DNS\Query Dropped Bad Socket
\DNS\Query Dropped Bad Socket/sec
\DNS\Query Dropped By Policy
\DNS\Query Dropped By Policy/sec
\DNS\Query Dropped By Response Rate Limiting
\DNS\Query Dropped By Response Rate Limiting/sec
\DNS\Query Dropped Send
\DNS\Query Dropped Send/sec
\DNS\Query Dropped Total
\DNS\Query Dropped Total/sec
\DNS\Record Flow Memory
\DNS\Recursive Queries
\DNS\Recursive Queries/sec
\DNS\Recursive Query Failure
\DNS\Recursive Query Failure/sec
\DNS\Recursive Send TimeOuts
\DNS\Recursive TimeOut/sec
\DNS\Responses Suppressed
\DNS\Responses Suppressed/sec
\DNS\Secure Update Failure
\DNS\Secure Update Received
\DNS\Secure Update Received/sec
\DNS\TCP Message Memory
\DNS\TCP Query Received
\DNS\TCP Query Received/sec
\DNS\TCP Response Sent
\DNS\TCP Response Sent/sec
\DNS\Total Query Received
\DNS\Total Query Received/sec
\DNS\Total Remote Inflight Queries
\DNS\Total Response Sent
\DNS\Total Response Sent/sec
\DNS\UDP Message Memory
\DNS\UDP Query Received
\DNS\UDP Query Received/sec
\DNS\UDP Response Sent
\DNS\UDP Response Sent/sec
\DNS\Unmatched Responses Received
\DNS\WINS Lookup Received
\DNS\WINS Lookup Received/sec
\DNS\WINS Response Sent
\DNS\WINS Response Sent/sec
\DNS\WINS Reverse Lookup Received
\DNS\WINS Reverse Lookup Received/sec
\DNS\WINS Reverse Response Sent
\DNS\WINS Reverse Response Sent/sec
\DNS\Zone Transfer Failure
\DNS\Zone Transfer Request Received
\DNS\Zone Transfer SOA Request Sent
\DNS\Zone Transfer Success