Event Id | 156 |
Source | DNS |
Description | DNS Server does not have a cache (or database) entry for root name server. The cache file MUST have at least one NS record, indicating a root DNS server and a corresponding A record for that root DNS server. Otherwise the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones. |
Event Information | According to Microsoft: CAUSE: This behavior can occur when the Cache.dns file is corrupted or contains invalid entries. RESOLUTION: To resolve this behavior, follow these steps: 1. Stop the DNS service. 2. Rename the existing Cache.dns file in the %SystemRoot%\System32\Dns folder to Cache.old. 3. Copy the Cache.dns file from the %SystemRoot%\System32\Dns\Backup folder into the %SystemRoot%\System32\Dns folder. 4. Restart the DNS service. |
Reference Links | Domain Name Server Generates Event ID 156, Lack of Cache Entry for Name Server |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.