5504 errors

[Reed Wiedower]

Several of my Win2k servers have been logging 5504 DNS errors every hour.
The sources are from a random variety of external servers. Any idea of how
to prevent these from showing up?

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 7/2/2004
Time: 6:53:15 PM
User: N/A
Computer: XXXXXXXXX
Description:
The DNS server encountered an invalid domain name in a packet from
198.41.0.10. The packet is rejected.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

end of line,

Reed Wiedower

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Several of my Win2k servers have been logging 5504 DNS
errors every hour. The sources are from a random variety
of external servers. Any idea of how to prevent these
from showing up?

Check out the thread in this group with the subject Event ID: 5504 In that
particular thread the 5504s were coming from DNS sending queries to the root
servers for localhost. There is quite a discussion been going on in that
thread.
Creating a Forward lookup zone named localhost, with a blank host with IP
127.0.0.1 stopped the 5504s but it does not explain why DNS is sending
localhost queries to the root servers in the first place.

 

[Scott Harding - MS MVP]

Check to see if Recusion is on/off in your DNS Manager. Just check/uncheck
it. Basically do the opposite of what it is set to. I think this should
clear it up.

 

[Ace Fekay [MVP]]

In

Several of my Win2k servers have been logging 5504 DNS errors every
hour. The sources are from a random variety of external servers. Any
idea of how to prevent these from showing up?

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 7/2/2004
Time: 6:53:15 PM
User: N/A
Computer: XXXXXXXXX
Description:
The DNS server encountered an invalid domain name in a packet from
198.41.0.10. The packet is rejected.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

end of line,

Reed Wiedower

As Kevin said, check out that previous thread on it.

Also, check to make sure Secure Cache is set.

Curious, you blanked out the computername. Is that an iternal computer? If
it is, check its name, make sure no underscores or spaces in the name, or
this can cause it.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Feng Mao]

Hi Reed,

Thank you for posting!

Ace, Scott and Kevin's suggestions must be helpful to solve your "DNS 5504
error" problem.

Personally, I have an addition suggestion which was used to solve similar
problem before. Corrupted DNS Cache may cause it.

On the problematic DNS Server, check if the item "Secure cache against
pollution" is enabled. If not, please enable it.

a) Right click the DNS Server in the DNS window and choose the
"Properties" menu.

b) Choose the "Advanced" tab. Check if the "Secure cache against
pollution" item is checked. If not, please check it.

c) Right click the DNS Computer Name in the DNS window and choose the
"Clear Cache" menu.

d) Run the command "ipconfig /flushdns" in the Command Prompt. Restart the
DNS server service

e) Monitor the issue and check if the "DNS 5504" warning still occur.

I hope that the above information is helpful.

Have a nice day!

Thanks & Regards,

Feng Mao [MSFT], MCSE
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Reed Wiedower]

1) Secure cache was already set.

2) The computer is internal, but none of the computer names on my network
contain underscores or spaces.

3) All the IP addresses listed in the error logs are from EXTERNAL sources.
None are from any internal ip sources.

Any other ideas?

end of line,

Reed


"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

1) Secure cache was already set.

2) The computer is internal, but none of the computer names on my
network contain underscores or spaces.

3) All the IP addresses listed in the error logs are from EXTERNAL
sources. None are from any internal ip sources.

Any other ideas?

end of line,

Reed

If you read the other thread, its a tough one to figure out. There's a
hotfix for this listed in that thread as well, but some are not willing to
install it. I haven't seen this error at all at any of my clients. Sometimes
hearing about it makes me think the server is under attack, but hard to say.
Need to do a netmon capture to determine that.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Feng Mao]

Hi Reed,

I am wondering whether or not the IP addresses list in the logs are
dedicated ones. If so, what kind of these external sources they are? What
operating system is running on these computers?

I agree with Ace, if we dig into the problem, network monitor trace might
be necessary to isolate the cause.

Thanks & Regards,

Feng Mao [MSFT], MCSE
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.