Windows AD DNS: Event ID 5504

While still trying to track this down the 5504 errors stopped appearing... I guess it may have been something running on a particular client machine hitting the DNS server in question. Hard to say.

Some additional info can be found in this TechNet forums thread.

Author: Chris_K

I dabble. A lot. https://about.me/chris.kasten for more

Updated on September 17, 2022

Comments

  • Chris_K
    Chris_K over 1 year

    Two of my AD controllers (both running DNS service) appear to be having a similar issue. Both are throwing lots of events in the DNS events that look like this:

    Event Type: Information
    Event Source:   DNS
    Event Category: None
    Event ID:   5504
    Date:       5/24/2010
    Time:       11:51:38 AM
    User:       N/A
    Computer:   ALPHA
    Description:
    The DNS server encountered an invalid domain name in a packet from 76.74.137.6. The packet will be rejected. The event data contains the DNS packet.
    

    That will come with the same event, same time, with a packet from 76.74.137.7 as well. I know this is "Information" not an error, but since it is new and different it bothers me (yes, I fear unexplained change!)

    Both machines are running Windows 2003 R2 SP2. The DNS servers are not exposed to the internet.
    Both DNS servers are configured to use OpenDNS for Forwarders.
    For both servers, this started about a week ago.

    Any thoughts on:
    1) should I be concerned?
    2) how can I stop/fix this?

    To keep it interesting, I have a 3rd AD / DNS box. Same domain, different Active Directory site. Same forwarders, yet doesn't have this issue.

    [Update]
    On a whim, I changed the forwarders on one of the DNS servers to use Google's public DNS (8.8.8.8 and 8.8.4.4) instead of OpenDNS. Didn't change anything, so I think I can eliminate the forwarders as the cause.

    • Philip
      Philip almost 14 years
      Do any of your machines connect over a VPN to your network?
    • Chris_K
      Chris_K almost 14 years
      @Chris - Our employees all have the ability to connect over a VPN to our network (using Windows native client and a win2k3 RAS server).
  • Chris_K
    Chris_K almost 14 years
    I can confirm that "Secure cache against pollution" check box was already selected. (more here on that topic: support.microsoft.com/default.aspx?scid=kb;en-us;241352)
  • Chris_K
    Chris_K almost 14 years
    All 3 AD/DNS boxes are on private IPs, but all 3 are using OpenDNS for Forwarders. (Does that answer the question?)
  • Alex
    Alex almost 14 years
    Close. Then check the "smart cache" settings and "network shortcuts" over at OpenDNS under the IP address of the subnet for that DNS server. I'm assuming you have multiple IP settings over at OpenDNS.
  • Chris_K
    Chris_K almost 14 years
    Gotcha. First two are in an OpenDNS "named" network. Smart cache is off and there are no network shortcuts. 3rd AD is not in a named OpenDNS network so definitely none of the above there.
  • Alex
    Alex almost 14 years
    Then the only thing I can think of would be packet loss to the troubled server. And you are sure OpenDNS are the only forwarders set up on that server? For the heck of it, can you add "ns1.vpsville.ca" in the OpenDNS white list?
  • Alex
    Alex almost 14 years
    Or blacklist it if not needed.
  • Chris_K
    Chris_K almost 14 years
    @Saif - I don't think it is an OpenDNS related issue. I changed one of the servers to use Google's DNS servers as forwarders and still see the same events.
  • Chris_K
    Chris_K almost 14 years
    Once I figure out who is initiating the DNS request (so I know when to expect it) I plan to sniff out the packets and see what's going on. Could just be a DNS record that 2k3 can't handle. Maybe.
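
The 5504 event says its event data contains the rejected DNS packet, and the last comment above plans a packet capture. As an added example (not part of the original thread), the following Python sketch decodes such a packet and lists the question and record owner names that look unusual. It assumes the bytes are a raw DNS message starting at the header; the function names, the `EXPECTED` character set and the sample packet are constructed for illustration.

```python
import struct

# Assumption: only letters, digits, "-" and "_" are expected in a label; the server's rule may differ.
EXPECTED = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")

def read_name(msg, off):
    """Decode the wire-format name at off; return (labels, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]                              # IndexError if the name is truncated
        if n & 0xC0 == 0xC0:                      # compression pointer
            if hops >= 16:
                raise ValueError("compression pointer loop")
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
        elif n & 0xC0:
            raise ValueError("reserved label type")
        elif n == 0:                              # root label ends the name
            return labels, (off + 1 if after is None else after)
        elif off + 1 + n > len(msg):
            raise ValueError("label runs past end of packet")
        else:
            labels.append(msg[off + 1:off + 1 + n])
            off += 1 + n

def suspicious_names(msg):
    """List (section, name, reason); names inside RDATA are not inspected."""
    if len(msg) < 12:
        return [("header", None, "shorter than a DNS header")]
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off, found = 12, []
    for i in range(qd + an + ns + ar):
        section = "question" if i < qd else "record"
        try:
            labels, off = read_name(msg, off)
            if i < qd:
                off += 4                          # QTYPE + QCLASS
            else:                                 # TYPE, CLASS, TTL, RDLENGTH, RDATA
                off += 10 + struct.unpack("!H", msg[off + 8:off + 10])[0]
        except (ValueError, IndexError, struct.error) as exc:
            return found + [(section, None, str(exc))]
        name = ".".join(l.decode("latin-1") for l in labels)
        if any(not set(l) <= EXPECTED for l in labels):
            found.append((section, name, "unexpected bytes in label"))
    return found

# Constructed sample: a response whose answer owner name contains a space.
SAMPLE = (bytes.fromhex("123481800001000100000000")
          + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
          + b"\x08bad name\xc0\x10\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01")
```

Calling `suspicious_names(SAMPLE)` reports the answer record named `bad name.example.com`; run against the bytes of a real event, the output shows which name in the packet deserves a closer look.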