ANAVEM
EnglishFrancais
ANAVEM
Languagefr
Network operations center monitoring DNS infrastructure with multiple displays showing DNS query statistics and event logs
Event ID 264WarningDNS ClientWindows

Windows Event ID 264 – DNS Client: DNS Query Response Timeout

Event ID 264 indicates DNS query timeouts from the Windows DNS Client service, typically occurring when DNS servers fail to respond within the configured timeout period.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
18 March 20269 min read 0
Event ID 264DNS Client 5 methods 9 min
Event Reference

What This Event Means

Event ID 264 represents a DNS query timeout condition within the Windows DNS Client service architecture. When applications or system services request domain name resolution, the DNS Client service forwards these queries to configured DNS servers. If a DNS server fails to respond within the predetermined timeout window, the DNS Client logs this event to track resolution failures and assist with network troubleshooting.

The event typically includes detailed information such as the specific domain name being resolved, the target DNS server's IP address, the query type (A, AAAA, MX, etc.), and the timeout duration. This granular data enables administrators to identify patterns in DNS failures, whether they affect specific domains, particular DNS servers, or certain query types.

In Windows Server 2025 and Windows 11 24H2, Microsoft enhanced DNS Client logging to provide more contextual information about timeout events, including the originating process and network adapter details. This improvement helps administrators correlate DNS timeouts with specific applications or network interfaces, streamlining the troubleshooting process.

The DNS Client service maintains internal retry logic, attempting multiple DNS servers in the configured list before generating timeout events. Event ID 264 typically appears after all configured DNS servers have been attempted, making it a reliable indicator of widespread DNS infrastructure issues rather than isolated server problems.

Applies to

Windows 10Windows 11Windows Server 2019/2022/2025
Analysis

Possible Causes

  • DNS server unresponsive or overloaded with queries
  • Network connectivity issues between client and DNS servers
  • Firewall blocking DNS traffic on port 53 (UDP/TCP)
  • DNS server configuration errors or service failures
  • Network latency exceeding DNS client timeout thresholds
  • DNS forwarder chain failures in enterprise environments
  • Network adapter driver issues affecting DNS traffic
  • DNS cache corruption causing repeated failed queries
  • Active Directory DNS zone replication problems
  • ISP DNS server maintenance or outages
Resolution Methods

Troubleshooting Steps

01

Verify DNS Server Connectivity

Start by testing basic connectivity to your configured DNS servers to identify network-level issues.

  1. Open Command Prompt as Administrator
  2. Check current DNS configuration:
    ipconfig /all
  3. Test DNS server connectivity:
    Test-NetConnection -ComputerName 8.8.8.8 -Port 53
Test-NetConnection -ComputerName 1.1.1.1 -Port 53
  4. Perform manual DNS lookups:
    nslookup google.com 8.8.8.8
nslookup microsoft.com 1.1.1.1
  5. Check DNS resolution timing:
    Resolve-DnsName -Name google.com -Server 8.8.8.8 -Type A

If connectivity tests fail, investigate network routing, firewall rules, or contact your network administrator about DNS server availability.

02

Clear DNS Cache and Reset Network Stack

DNS cache corruption can cause repeated timeout events. Reset the DNS resolver cache and network stack components.

  1. Open Command Prompt as Administrator
  2. Flush DNS resolver cache:
    ipconfig /flushdns
  3. Reset Winsock catalog:
    netsh winsock reset
  4. Reset TCP/IP stack:
    netsh int ip reset
  5. Restart DNS Client service:
    Restart-Service -Name Dnscache -Force
  6. Verify DNS cache is empty:
    ipconfig /displaydns
  7. Restart the computer to complete network stack reset
Pro tip: Monitor Event Viewer after restart to confirm Event ID 264 frequency decreases.
03

Analyze DNS Event Logs and Configure Alternative Servers

Examine DNS-specific event logs and configure backup DNS servers to improve resolution reliability.

  1. Open Event ViewerApplications and Services LogsMicrosoftWindowsDNS Client EventsOperational
  2. Filter for Event ID 264 events:
    Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-DNS-Client/Operational'; Id=264} -MaxEvents 50 | Format-Table TimeCreated, Message -Wrap
  3. Identify problematic DNS servers from event details
  4. Configure alternative DNS servers via PowerShell:
    $adapter = Get-NetAdapter -Name "Ethernet"
Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses "8.8.8.8","1.1.1.1","208.67.222.222"
  5. Verify new DNS configuration:
    Get-DnsClientServerAddress -InterfaceAlias "Ethernet"
  6. Test resolution with new servers:
    Test-DnsServer -IPAddress "8.8.8.8" -ZoneName "microsoft.com"
04

Adjust DNS Client Timeout Settings

Modify DNS client timeout parameters to accommodate slower network conditions or distant DNS servers.

  1. Open Registry Editor as Administrator
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
  3. Create or modify timeout values (DWORD, decimal):
    • MaxCacheTtl = 86400 (24 hours)
    • MaxNegativeCacheTtl = 300 (5 minutes)
    • NetFailureCacheTime = 30 (30 seconds)
  4. Configure DNS query timeout via PowerShell:
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name "QueryTimeout" -Value 10 -Type DWord
  5. Set DNS server retry attempts:
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name "ServerPriorityTimeLimit" -Value 15 -Type DWord
  6. Restart DNS Client service:
    Restart-Service -Name Dnscache
Warning: Increasing timeout values may slow down DNS resolution. Test thoroughly in your environment.
05

Implement DNS Monitoring and Troubleshooting Scripts

Deploy automated monitoring to track DNS performance and identify timeout patterns proactively.

  1. Create DNS monitoring PowerShell script:
    # DNS-Monitor.ps1
$dnsServers = @("8.8.8.8", "1.1.1.1", "208.67.222.222")
$testDomains = @("microsoft.com", "google.com", "github.com")

foreach ($server in $dnsServers) {
    foreach ($domain in $testDomains) {
        $result = Measure-Command { Resolve-DnsName -Name $domain -Server $server -ErrorAction SilentlyContinue }
        Write-Output "$server - $domain: $($result.TotalMilliseconds)ms"
    }
}
  2. Schedule monitoring task:
    $action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\Scripts\DNS-Monitor.ps1"
$trigger = New-ScheduledTaskTrigger -RepetitionInterval (New-TimeSpan -Minutes 15) -RepetitionDuration (New-TimeSpan -Days 365) -At (Get-Date)
Register-ScheduledTask -TaskName "DNS-Monitor" -Action $action -Trigger $trigger
  3. Create Event ID 264 alert script:
    Get-WinEvent -FilterHashtable @{LogName='System'; Id=264; StartTime=(Get-Date).AddHours(-1)} | 
ForEach-Object { Send-MailMessage -To "admin@company.com" -Subject "DNS Timeout Alert" -Body $_.Message }
  4. Enable DNS debug logging:
    wevtutil sl Microsoft-Windows-DNS-Client/Operational /e:true

Overview

Event ID 264 fires when the Windows DNS Client service encounters timeout issues while attempting to resolve domain names. This event appears in the System log when DNS queries exceed the configured timeout threshold, typically 2-5 seconds depending on your DNS client configuration. The DNS Client service generates this warning to alert administrators about potential network connectivity issues, DNS server problems, or configuration mismatches that could impact domain resolution performance.

This event commonly occurs during network transitions, DNS server maintenance, or when clients attempt to resolve names through unresponsive DNS servers. While occasional timeouts are normal in enterprise environments, frequent Event ID 264 entries indicate underlying DNS infrastructure problems that require investigation. The event provides crucial diagnostic information including the queried domain name, DNS server IP address, and timeout duration.

Understanding this event helps administrators maintain reliable DNS resolution, which is critical for Active Directory authentication, web browsing, email services, and virtually all network-dependent applications in modern Windows environments.

Frequently Asked Questions

What does Event ID 264 mean in Windows DNS Client?+
Event ID 264 indicates that the Windows DNS Client service experienced a timeout while attempting to resolve a domain name. This occurs when DNS servers fail to respond within the configured timeout period, typically 2-5 seconds. The event includes details about the queried domain, target DNS server, and timeout duration, helping administrators identify DNS infrastructure problems that could impact network connectivity and application performance.
How can I determine which DNS server is causing Event ID 264 timeouts?+
Examine the Event ID 264 details in Event Viewer or use PowerShell to filter events: Get-WinEvent -FilterHashtable @{LogName='System'; Id=264} | Format-List. The event message contains the specific DNS server IP address that failed to respond. You can also check DNS Client operational logs in Event Viewer under Applications and Services Logs → Microsoft → Windows → DNS Client Events → Operational for more detailed DNS query information.
Is Event ID 264 critical and does it require immediate attention?+
Event ID 264 is a Warning-level event, not critical, but frequent occurrences indicate DNS infrastructure problems that should be addressed. Occasional timeouts are normal in enterprise environments, but persistent Event ID 264 entries can impact user experience, slow down applications, and cause authentication delays in Active Directory environments. Monitor the frequency and investigate if you see multiple events within short time periods.
Can firewall settings cause Event ID 264 DNS timeout errors?+
Yes, firewall configurations blocking DNS traffic on port 53 (both UDP and TCP) can cause Event ID 264 timeouts. Windows Firewall, third-party firewalls, or network firewalls may block DNS queries to external servers. Check firewall rules using 'netsh advfirewall firewall show rule name=all | findstr DNS' and ensure DNS traffic is permitted. Corporate networks often restrict DNS queries to internal servers only, which can cause timeouts when applications attempt external DNS resolution.
How do I prevent Event ID 264 from recurring after fixing DNS issues?+
To prevent recurring Event ID 264 events: 1) Configure reliable primary and secondary DNS servers using Set-DnsClientServerAddress, 2) Implement DNS monitoring scripts to proactively detect server issues, 3) Adjust DNS client timeout settings in the registry if network latency is high, 4) Regularly flush DNS cache using 'ipconfig /flushdns', and 5) Monitor DNS server performance and availability. Consider using multiple DNS providers (like 8.8.8.8, 1.1.1.1) for redundancy in environments where DNS reliability is critical.
Documentation

References (2)

1
Microsoft Learn - DNS Client ServiceOfficial documentation covering DNS Client service configuration and troubleshooting in Windows environments.https://learn.microsoft.com/en-us/windows-server/networking/dns/dns-client
2
Windows DNS Troubleshooting GuideComprehensive DNS client troubleshooting procedures and diagnostic tools for Windows systems.https://learn.microsoft.com/en-us/windows-server/networking/dns/troubleshoot/troubleshoot-dns-client
Emanuel DE ALMEIDA
Written by

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Tags
#event-id-264#dns-client#network-troubleshooting

Related Windows Events

Windows network monitoring dashboard showing DNS Client service events and network analytics
Event 8303
DNS Client
Windows EventWarning

Windows Event ID 8303 – DNS Client: DNS Query Timeout or Resolution Failure

Event ID 8303 indicates DNS query timeouts or resolution failures from the DNS Client service, typically occurring when domain name lookups fail or exceed timeout thresholds.

March 1812 min
Network operations center displaying DNS monitoring and security analytics dashboards
Event 8194
DNS Client
Windows EventWarning

Windows Event ID 8194 – DNS Client: DNS Query Response Validation Failure

Event ID 8194 indicates DNS query response validation failures in Windows DNS Client service, typically caused by DNSSEC validation errors or corrupted DNS responses.

March 189 min
Network operations center monitoring DNS infrastructure and query performance on multiple displays
Event 902
DNS Client
Windows EventWarning

Windows Event ID 902 – DNS Client: DNS Query Timeout or Resolution Failure

Event ID 902 indicates DNS client query timeouts or resolution failures when Windows cannot resolve domain names within the configured timeout period.

March 1812 min
Windows Event Viewer displaying DNS Client service error logs on a professional monitoring dashboard
Event 2042
DNS Client
Windows EventError

Windows Event ID 2042 – DNS Client: DNS Client Service Failed to Start

Event ID 2042 indicates the DNS Client service failed to start during system boot, preventing DNS resolution and network connectivity for applications requiring domain name lookups.

March 189 min

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...