Symptom
A DNS server may frequently record the Event ID 5504 error in the event log:
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
User: N/A
Computer: Computer_name
Description: The DNS server encountered an invalid domain name in a packet from IP_Address .
The packet is rejected.
Cause
Event ID 5504 is logged when a DNS Server receives a packet containing an invalid domain name. There are many possible causes.
1. The DNS cache becomes corrupt with invalid domain names.
2. The DNS Server receives a spoofed response.
3. The DNS response contains domain names with characters other than 0-9, a-z, A-Z, . (Period), and — (Hyphen).
4. The DNS Server has been configured with invalid forwarders
5. The network the DNS server resides on is busy or not working properly.
Resolution
The following are general troubleshooting steps for this issue:
1. Secure the DNS cache against pollution.
a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.
b) Click the Advanced tab, check the Secure Cache against Pollution option, and then click OK.
c) After enabling this setting, right-click the applicable DNS server and select Clear Cache, then restart the DNS Server service.
2. Verify that the forwarder list on the DNS server is pointing to recursive DNS servers. To view the forwarders, please perform the following steps:
a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.
b) Click the Forwarders tab, you can view the existing forwarders.
3. Some third party DNS servers may be using records of a type that aren’t supported by Windows DNS servers, such as the DNAME resource record.
920162 Event 5504 is logged when a Windows Server 2003-based DNS server receives a packet that contains a DNAME resource record
http://support.microsoft.com/default.aspx?scid=kb;EN-US;920162
4. Another example where DNS will produce the Event ID 5504 error is when Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn’t support EDNS or have it enabled. An easy workaround is to disable EDNS.
dnscmd /Config /EnableEDnsProbes 0
More Information
Troubleshooting DNS
http://technet2.microsoft.com/WindowsServer/en/library/de2aa69d-1155-4dc9-a651-e836
2f6a81c81033.mspx?mfr=true
DNS Best Practices
http://technet2.microsoft.com/WindowsServer/en/library/59d7a747-48dc-42cc-8986-c73d
b47398a21033.mspx?mfr=true
Applies to
- Windows Server® 2003 operating system
- Windows Server® 2008 operating system
- Windows Server® 2008 R2 operating system
Symptom
A DNS server may frequently record the Event ID 5504 error in the event log:
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
User: N/A
Computer: Computer_name
Description: The DNS server encountered an invalid domain name in a packet from IP_Address .
The packet is rejected.
Cause
Event ID 5504 is logged when a DNS Server receives a packet containing an invalid domain name. There are many possible causes.
1. The DNS cache becomes corrupt with invalid domain names.
2. The DNS Server receives a spoofed response.
3. The DNS response contains domain names with characters other than 0-9, a-z, A-Z, . (Period), and — (Hyphen).
4. The DNS Server has been configured with invalid forwarders
5. The network the DNS server resides on is busy or not working properly.
Resolution
The following are general troubleshooting steps for this issue:
1. Secure the DNS cache against pollution.
a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.
b) Click the Advanced tab, check the Secure Cache against Pollution option, and then click OK.
c) After enabling this setting, right-click the applicable DNS server and select Clear Cache, then restart the DNS Server service.
2. Verify that the forwarder list on the DNS server is pointing to recursive DNS servers. To view the forwarders, please perform the following steps:
a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.
b) Click the Forwarders tab, you can view the existing forwarders.
3. Some third party DNS servers may be using records of a type that aren’t supported by Windows DNS servers, such as the DNAME resource record.
920162 Event 5504 is logged when a Windows Server 2003-based DNS server receives a packet that contains a DNAME resource record
http://support.microsoft.com/default.aspx?scid=kb;EN-US;920162
4. Another example where DNS will produce the Event ID 5504 error is when Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn’t support EDNS or have it enabled. An easy workaround is to disable EDNS.
dnscmd /Config /EnableEDnsProbes 0
More Information
Troubleshooting DNS
http://technet2.microsoft.com/WindowsServer/en/library/de2aa69d-1155-4dc9-a651-e836
2f6a81c81033.mspx?mfr=true
DNS Best Practices
http://technet2.microsoft.com/WindowsServer/en/library/59d7a747-48dc-42cc-8986-c73d
b47398a21033.mspx?mfr=true
Applies to
- Windows Server® 2003 operating system
- Windows Server® 2008 operating system
- Windows Server® 2008 R2 operating system
Two of my AD controllers (both running DNS service) appear to be having a similar issue. Both are throwing lots of events in the DNS events that look like this:
Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 5/24/2010
Time: 11:51:38 AM
User: N/A
Computer: ALPHA
Description:
The DNS server encountered an invalid domain name in a packet from 76.74.137.6. The packet will be rejected. The event data contains the DNS packet.
That will come with the same event, same time, with a packet from 76.74.137.7 as well. I know this is «Information» not an error, but since it is new and different it bothers me (yes, I fear unexplained change!)
Both machines are running Windows 2003 R2 SP2. The DNS servers are not exposed to the internet.
Both DNS servers are configured to use OpenDNS for Forwarders.
For both servers, this started about a week ago.
Any thoughts on:
1) should I be concerned?
2) how can I stop/fix this?
To keep it interesting, I have a 3rd AD / DNS box. Same domain, different Active Directory site. Same forwarders, yet doesn’t have this issue.
[Update]
On a whim, I changed the forwarders on one of the DNS servers to use Google’s public DNS (8.8.8.8 and 8.8.4.4) instead of OpenDNS. Didn’t change anything, so I think I can eliminate the forwarders as the cause.
Problem : The DNS Server encountered an invalid domain name. Event ID 5504
I am getting this error message in event viewer on a server running Server 2000. The interval between errors is about 15 minutes. This server is a DC and is running Exchange Server 2000.
Event ID 5504
The Dns server encountered an invalid domain name in a packet from 192.168.24.1. The packet is rejected.
The IP listed is the router. If I restart the DNS server service, the error ceases for a few days and then starts again. Also, Incoming mail isn’t being delivered while the error is occurring. DNS Server is setup as a forwarder.
Can anyone provide me any information on how to correct this issue?
Solution: The DNS Server encountered an invalid domain name. Event ID 5504
Seems like we’re getting somewhere; your DNS settings are incorrect; I’m not sure if this causes your 5504 error, but it needs to be fixed.
Assuming DNS is running on your DC: Your DC needs to point to itself *only* for DNS resolution. The clients need to point to your DC as well *only* for DNS. The forwarders section in your DNS is the *only* place in your entire domain where your ISP’s DNS should be listed. If you have a second DC running DNS, let it point to your first DC as primary DNS, to itself as secondary.
In your DNS settings, make sure Dynamic Updates are enabled. Verify that you have a host name entry for your DC, and that the SRV records were created.
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380
HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515