Error in DNS Server Event Log

  • Thread starter Thread starter Glen Patchet
  • Start date Start date
G

Glen Patchet

I keep getting this cryptic message in my DNS Server Event
Log:

Event ID: 5502
The DNS server received a bad TCP-based message from [IP
NUMBER]. The packet was rejected or ignored.

Any idea what this could possibly mean?

Thanks in advance,

Glen
 
In
Glen Patchet said:
I keep getting this cryptic message in my DNS Server Event
Log:

Event ID: 5502
The DNS server received a bad TCP-based message from [IP
NUMBER]. The packet was rejected or ignored.

Any idea what this could possibly mean?

Thanks in advance,

Glen
Click to expand...

What's the IP it's coming from? An internal one or external one?

Also, take a look here. It says you can ignore it. But curious what the IP
is.
http://www.eventid.net/display.asp?eventid=5502


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
External IP: 216.205.151.202.

Glen


Ace Fekay said:
In
Glen Patchet said:
I keep getting this cryptic message in my DNS Server Event
Log:

Event ID: 5502
The DNS server received a bad TCP-based message from [IP
NUMBER]. The packet was rejected or ignored.

Any idea what this could possibly mean?

Thanks in advance,

Glen
Click to expand...

What's the IP it's coming from? An internal one or external one?

Also, take a look here. It says you can ignore it. But curious what the IP
is.
http://www.eventid.net/display.asp?eventid=5502


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Click to expand...
 
In
Glen Patchet said:
External IP: 216.205.151.202.

Glen
Click to expand...

I was hoping for a little more info about your configuration to help
diagnose this for you.

Ok, let me get this straight. Is that IP YOUR external IP or it's just
coming from that address? If it's yours, then can I assume that you have two
NICs in the box? If so, there's a little routine to clean it up.

Can you post an (unedited) ipconfig /all please to get a better picture of
your config and please do add anything that pertains to your config.

Thanks

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Glen Patchet said:
Hi Ace,

Sorry - this is MY IP address, and yes there are two NICs on the
server.

Hope this helps,

Glen

IPCONFIG output:


Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : D11304
Primary DNS Suffix . . . . . . . : ns.gkmedia1.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ns.gkmedia1.com
gkmedia1.com

Ethernet adapter Live:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ S
LA8470B) #2
Physical Address. . . . . . . . . : 00-D0-B7-C9-CB-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 216.205.151.202
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . : 216.205.151.193
DNS Servers . . . . . . . . . . . : 209.235.107.14
209.235.107.16


"Ace Fekay [MVP]"
Click to expand...

Glen, thanks for posting that ipconfig. You said there are two NICs in the
machine. Only one shows up in the ipconfig. Is the other one disabled?

First, assuming that you have AD, it usually means that you need to use and
point (in IP properities) only your DNS server and no external DNS serves.
So curious, what are these two DNS servers:
DNS Servers . . . . . . . . . . . : 209.235.107.14
209.235.107.16
Click to expand...

If they are your ISP's and you are using AD, they should be removed and need
to use only your own DNS server. Maybe that message is due to the fact that
your server is trying to register something into the ISP's but you have your
DNS server set to listen on that interface.

Glen, see if you can help me out with these questions:
Is this a nameserver for external usage or just internal usage?
Are you running AD?
Are both NICs enabled?
Are you running NAT on this machine?

Thanks


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi Ace,

My mistake, only one NIC is present (former server had two) which is why
only one is listed.

Is this a nameserver for external usage or just internal usage?
External usage.

Are you running AD?
No.

Are both NICs enabled?
Only one NIC.

Are you running NAT on this machine?
No.

This is a dedicated server set up by DellHost which explains why you see the
two DNSs listed (they configured it this way). Should I change these to my
IP instead?

Thanks,
Glen
 
In
Glen Patchet said:
Hi Ace,

My mistake, only one NIC is present (former server had two) which is
why only one is listed.

Is this a nameserver for external usage or just internal usage?
External usage.

Are you running AD?
No.

Are both NICs enabled?
Only one NIC.

Are you running NAT on this machine?
No.

This is a dedicated server set up by DellHost which explains why you
see the two DNSs listed (they configured it this way). Should I
change these to my IP instead?

Thanks,
Glen

"Ace Fekay [MVP]"
Click to expand...

Oh, I see now! Interesting scenario. DellHost? Actually have never used
their services. I just did an nslookup on one of the IPs and comes back as
theirs. I should have just done that earlier. But you know what, give that a
try and see if it helps. If they configured it to use their servers for a
specific reason, then why not use theirs. But if you're using it for
external queries, then I would use your own server and not theirs. Give it a
shot and shout back with your results.

Interesting that your IP of this server comes back in nslookup as their
domain name:
C:\>nslookup 216.205.151.202
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

Name: 202-216.205.151.dellhost.com
Address: 216.205.151.202
================================

but when I did an nslookup on gkmedia1.com, it returns as this:
gkmedia1.com
Click to expand...
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

Name: gkmedia1.com
Address: 216.205.151.202
================================

Interesting that it comes back one way with the domain query and another
with the reverse. I would think that you would want it consistent,
especially if you were to run mail services (not sure if you're planning on
that) and other domains that do reverse lookups to weed out spammers.

So, wouldn't you want the reverse entry to show as:
D11304.ns.gkmedia1.com?

You'll have to talk to them about that since they own the IP block.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top