diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp
index f322520897..653e536195 100644
--- a/domain-server/src/DomainServerSettingsManager.cpp
+++ b/domain-server/src/DomainServerSettingsManager.cpp
@@ -1470,6 +1470,8 @@ QJsonObject DomainServerSettingsManager::settingsResponseObjectForType(const QSt
                                                                        SettingsBackupFlag settingsBackupFlag) {
     QJsonObject responseObject;
 
+    responseObject["version"] = _descriptionVersion;  // Domain settings version number.
+
     if (!typeValue.isEmpty() || authentication == Authenticated) {
         // convert the string type value to a QJsonValue
         QJsonValue queryType = typeValue.isEmpty() ? QJsonValue() : QJsonValue(typeValue.toInt());
diff --git a/libraries/networking/src/NodeList.cpp b/libraries/networking/src/NodeList.cpp
index a523a7ff36..9a073e1e78 100644
--- a/libraries/networking/src/NodeList.cpp
+++ b/libraries/networking/src/NodeList.cpp
@@ -94,6 +94,12 @@ NodeList::NodeList(char newOwnerType, int socketListenPort, int dtlsListenPort)
     // send a ping punch immediately
     connect(&_domainHandler, &DomainHandler::icePeerSocketsReceived, this, &NodeList::pingPunchForDomainServer);
 
+    // FIXME: Can remove this temporary work-around in version 2021.2.0. (New protocol version implies a domain server upgrade.)
+    // Adjust our canRezAvatarEntities permissions on older domains that do not have this setting.
+    // DomainServerList and DomainSettings packets can come in either order so need to adjust with both occurrences.
+    auto nodeList = DependencyManager::get<NodeList>();
+    connect(&_domainHandler, &DomainHandler::settingsReceived, this, &NodeList::adjustCanRezAvatarEntitiesPerSettings);
+
     auto accountManager = DependencyManager::get<AccountManager>();
 
     // assume that we may need to send a new DS check in anytime a new keypair is generated
@@ -820,6 +826,11 @@ void NodeList::processDomainServerList(QSharedPointer<ReceivedMessage> message)
         DependencyManager::get<AddressManager>()->lookupShareableNameForDomainID(domainUUID);
     }
 
+    // FIXME: Can remove this temporary work-around in version 2021.2.0. (New protocol version implies a domain server upgrade.)
+    // Adjust our canRezAvatarEntities permissions on older domains that do not have this setting.
+    // DomainServerList and DomainSettings packets can come in either order so need to adjust with both occurrences.
+    adjustCanRezAvatarEntitiesPermissions(_domainHandler.getSettingsObject(), newPermissions, false);
+
     setPermissions(newPermissions);
     setAuthenticatePackets(isAuthenticated);
 
@@ -1368,3 +1379,34 @@ void NodeList::setRequestsDomainListData(bool isRequesting) {
 void NodeList::startThread() {
     moveToNewNamedThread(this, "NodeList Thread", QThread::TimeCriticalPriority);
 }
+
+
+// FIXME: Can remove this work-around in version 2021.2.0. (New protocol version implies a domain server upgrade.)
+void NodeList::adjustCanRezAvatarEntitiesPermissions(const QJsonObject& domainSettingsObject,
+        NodePermissions& permissions, bool notify) {
+
+    if (domainSettingsObject.isEmpty()) {
+        // We don't have the information necessary to adjust permissions, yet.
+        return;
+    }
+
+    const double CANREZAVATARENTITIES_INTRODUCED_VERSION = 2.5;
+    auto version = domainSettingsObject.value("version");
+    if (version.isUndefined() || version.isDouble() && version.toDouble() < CANREZAVATARENTITIES_INTRODUCED_VERSION) {
+        // On domains without the canRezAvatarEntities permission available, set it to the same as canConnectToDomain.
+        if (permissions.can(NodePermissions::Permission::canConnectToDomain)) {
+            if (!permissions.can(NodePermissions::Permission::canRezAvatarEntities)) {
+                permissions.set(NodePermissions::Permission::canRezAvatarEntities);
+                if (notify) {
+                    emit canRezAvatarEntitiesChanged(permissions.can(NodePermissions::Permission::canRezAvatarEntities));
+                }
+            }
+        }
+    }
+
+}
+
+// FIXME: Can remove this work-around in version 2021.2.0. (New protocol version implies a domain server upgrade.)
+void NodeList::adjustCanRezAvatarEntitiesPerSettings(const QJsonObject& domainSettingsObject) {
+    adjustCanRezAvatarEntitiesPermissions(domainSettingsObject, _permissions, true);
+}
diff --git a/libraries/networking/src/NodeList.h b/libraries/networking/src/NodeList.h
index 4954c53c84..dab8e675dc 100644
--- a/libraries/networking/src/NodeList.h
+++ b/libraries/networking/src/NodeList.h
@@ -123,6 +123,11 @@ public slots:
 
     void processUsernameFromIDReply(QSharedPointer<ReceivedMessage> message);
 
+    // FIXME: Can remove these work-arounds in version 2021.2.0. (New protocol version implies a domain server upgrade.)
+    void adjustCanRezAvatarEntitiesPermissions(const QJsonObject& domainSettingsObject, NodePermissions& permissions,
+        bool notify);
+    void adjustCanRezAvatarEntitiesPerSettings(const QJsonObject& domainSettingsObject);
+
 #if (PR_BUILD || DEV_BUILD)
     void toggleSendNewerDSConnectVersion(bool shouldSendNewerVersion) { _shouldSendNewerVersion = shouldSendNewerVersion; }
 #endif