Worrying DNS event (5502)

  • Thread starter Thread starter Kit
  • Start date Start date
K

Kit

I have started getting event 5502 from DNS:
"The DNS server received a bad TCP-based DNS message from [IPADDRESS]. The
packet was rejected or ignored. "

it appears on all the DNS servers that [IPADDRESS] is config'd to replicate
with, including the server itself!

I have re-installed DNS on the server that seems to be sending the bad
messages without joy.

Looking here:
http://www.eventid.net/display.asp?eventid=5502&source=dns
implies there is nothing to worry about, and there are other DNS servers
authoritative for the same zones that are replicating OK, but I'm still
concerned....


__
Kit
 
In
Kit said:
I have started getting event 5502 from DNS:
"The DNS server received a bad TCP-based DNS message from
[IPADDRESS]. The packet was rejected or ignored. "

it appears on all the DNS servers that [IPADDRESS] is config'd to
replicate with, including the server itself!

I have re-installed DNS on the server that seems to be sending the bad
messages without joy.

Looking here:
http://www.eventid.net/display.asp?eventid=5502&source=dns
implies there is nothing to worry about, and there are other DNS
servers authoritative for the same zones that are replicating OK, but
I'm still concerned....


__
Kit
Click to expand...

Are you getting many of them or was it a one time error?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I have started getting event 5502 from DNS:
"The DNS server received a bad TCP-based DNS message from
[IPADDRESS]. The packet was rejected or ignored. "

it appears on all the DNS servers that [IPADDRESS] is config'd to
replicate with, including the server itself!

I have re-installed DNS on the server that seems to be sending the bad
messages without joy.

Looking here:
http://www.eventid.net/display.asp?eventid=5502&source=dns
implies there is nothing to worry about, and there are other DNS
servers authoritative for the same zones that are replicating OK, but
I'm still concerned....
Click to expand...


Are you getting many of them or was it a one time error?
Click to expand...

I'm getting 10-12 an hour on all servers this one replicates (DNS) with,
including itself...
And one an hour of this:

Event ID: 3000 Source: DNS
"The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the DNS
Server from clogging server logs, further logging of this event and other
events with higher Event IDs will now be suppressed. "

__
Kit
 
In
Kit said:
I have started getting event 5502 from DNS:
"The DNS server received a bad TCP-based DNS message from
[IPADDRESS]. The packet was rejected or ignored. "

it appears on all the DNS servers that [IPADDRESS] is config'd to
replicate with, including the server itself!

I have re-installed DNS on the server that seems to be sending the
bad messages without joy.

Looking here:
http://www.eventid.net/display.asp?eventid=5502&source=dns
implies there is nothing to worry about, and there are other DNS
servers authoritative for the same zones that are replicating OK,
but I'm still concerned....
Click to expand...


Are you getting many of them or was it a one time error?
Click to expand...

I'm getting 10-12 an hour on all servers this one replicates (DNS)
with, including itself...
And one an hour of this:

Event ID: 3000 Source: DNS
"The DNS server is logging numerous run-time events. For information
about these events, see previous DNS Server event log entries. To
prevent the DNS Server from clogging server logs, further logging of
this event and other events with higher Event IDs will now be
suppressed. "

__
Kit
Click to expand...

I haven't seen this problem with the scenario you described. Do you by
chance have forwarders to each other? That can cause a forwarding loop.

Also, suggest to setup your DCs, if using mutliple DCs/DNS servers such as
this:

DC1:
DNS1=DC2
DNS2=DC1

DC2:
DNS1=DC1
DNS2=DC2

DC3:
DNS1=DC1
DNS2=DC3

Make sense?
And only forward to an external DNS and not to each other, unless it's a
child delegation, then that changes the rules.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
"Ace Fekay [MVP]"
In
Kit said:
I have started getting event 5502 from DNS:
"The DNS server received a bad TCP-based DNS message from
[IPADDRESS]. The packet was rejected or ignored. "

it appears on all the DNS servers that [IPADDRESS] is config'd to
replicate with, including the server itself!

I have re-installed DNS on the server that seems to be sending the
bad messages without joy.

Looking here:
http://www.eventid.net/display.asp?eventid=5502&source=dns
implies there is nothing to worry about, and there are other DNS
servers authoritative for the same zones that are replicating OK,
but I'm still concerned....


Are you getting many of them or was it a one time error?
Click to expand...

I'm getting 10-12 an hour on all servers this one replicates (DNS)
with, including itself...
And one an hour of this:

Event ID: 3000 Source: DNS
"The DNS server is logging numerous run-time events. For information
about these events, see previous DNS Server event log entries. To
prevent the DNS Server from clogging server logs, further logging of
this event and other events with higher Event IDs will now be
suppressed. "

__
Kit
Click to expand...

I haven't seen this problem with the scenario you described. Do you by
chance have forwarders to each other? That can cause a forwarding loop.

Also, suggest to setup your DCs, if using mutliple DCs/DNS servers such as
this:

DC1:
DNS1=DC2
DNS2=DC1

DC2:
DNS1=DC1
DNS2=DC2

DC3:
DNS1=DC1
DNS2=DC3

Make sense?
And only forward to an external DNS and not to each other, unless it's a
child delegation, then that changes the rules.
Click to expand...

Only forwarding to ISP's DNS....
I have changed the DNS config to match what you have entered, it was:

DC1
dns1=DC1
dns2=DC2

DC2
dns1=DC2
dns2=DC1

I'll give that a few hors and see how we do...

Thanks again,

Kit
 
Only forwarding to ISP's DNS....
I have changed the DNS config to match what you have entered, it was:

DC1
dns1=DC1
dns2=DC2

DC2
dns1=DC2
dns2=DC1

I'll give that a few hors and see how we do...
Click to expand...

Sorry Ace...
Still occurs...
The 5502 event also still shows in the event logs of DC1a/DC2a (remote site
A) and DC1b/DC2b (remote site B), both these remote site are separate
Win2000 domains, no trusts or anything just DNS/WINS replication for name
lookups. Sites are connected via VPN btw....

__
Kit
 
In
Kit said:
Sorry Ace...
Still occurs...
The 5502 event also still shows in the event logs of DC1a/DC2a
(remote site A) and DC1b/DC2b (remote site B), both these remote site
are separate Win2000 domains, no trusts or anything just DNS/WINS
replication for name lookups. Sites are connected via VPN btw....

__
Kit
Click to expand...

Hmm, VPN? Maybe that has something to do with it, based on the TCP reset
that generates this error. I assume not using Frame or DSL and using a T1?
Also, is UDP 53 allowed to pass thru? Normally queries and other DNS traffic
occur over UDP 53 unless the packet is larger than 500 bytes, then it would
use TCP. So if it's saying that there's been a TCP reset, then it makes me
wonder why it's not first using UDP?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top