Event 5504

Alerrandro

Hello

My DNS log is recording a lot of Events (id 5504) like this one:
The DNS server encountered an invalid domain name in a packet from
200.204.0.9. The packet is rejected.

I selected "secure cache against pollution" option in advanced and it didn't
work.

I am using Windows 2000 Server with SP4.

Does anyone have ideas?

Thanks
 
Ace Fekay [MVP]

Alerrandro said:
> Hello
>
> My DNS log is recording a lot of Events (id 5504) like this one:
> The DNS server encountered an invalid domain name in a packet from
> 200.204.0.9. The packet is rejected.
>
> I selected "secure cache against pollution" option in advanced and it
> didn't work.
>
> I am using Windows 2000 Server with SP4.
>
> Does anyone have ideas?
>
> Thanks

Do you have a forwarder configured to go to your ISP's DNS?

Just make sure you point ONLY to your internal DNS server (no ISP's) and
then configure a forwarder, along with the Secure Cache setting, you should
be good to go. Let us know how you make out.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Alerrandro

Ace Fekay [MVP] said:
> Do you have a forwarder configured to go to your ISP's DNS?
>
> Just make sure you point ONLY to your internal DNS server (no ISP's) and
> then configure a forwarder, along with the Secure Cache setting, you should
> be good to go. Let us know how you make out.

Hi Ace,

It worked fine, I configured the forward to my external DNS and deleted all
root hints in the internal DNS. :))

Thanks !

Alerrandro
 
Alerrandro

Well, it worked for a few hours and started again. Now I receive new messages
too:

Event ID: 7063
The DNS server is configured to forward to a non-recursive DNS server at
200.160.0.5.

DNS servers in forwarders list MUST be configured to process recursive
queries.
Either
1) fix the forwarder (200.160.0.5) to allow recursion
- connect to it with DNS Manager
- bring up server properties
- open "Advanced" tab
- uncheck "Disable Recursion"
- click OK
OR
2) remove this forwarder from this servers forwarders list
- DNS Manager
- bring up server properties
- open "Forwarders" tab
- remove (200.160.0.5) from list of forwarders
- click OK

The strange thing is that I don't have this 200.160.0.5 as forward in any of my DNS
servers, and Recursion is working. This IP (200.160.0.5) changes in other
messages.

Ideas? :)

Alerrandro
 
Kevin D. Goodknecht Sr. [MVP]

Alerrandro said:
> Well, it worked for a few hours and started again. Now I receive new
> messages too:
>
> Event ID: 7063
> The DNS server is configured to forward to a non-recursive DNS server
> at 200.160.0.5.
>
> DNS servers in forwarders list MUST be configured to process recursive
> queries.
> Either
> 1) fix the forwarder (200.160.0.5) to allow recursion
> - connect to it with DNS Manager
> - bring up server properties
> - open "Advanced" tab
> - uncheck "Disable Recursion"
> - click OK
> OR
> 2) remove this forwarder from this servers forwarders list
> - DNS Manager
> - bring up server properties
> - open "Forwarders" tab
> - remove (200.160.0.5) from list of forwarders
> - click OK
>
> The strange thing is that I don't have this 200.160.0.5 as forward in any of
> my DNS servers, and Recursion is working. This IP (200.160.0.5)
> changes in other messages.
>
> Ideas? :)
>
> Alerrandro

Well, that IP is for one of the .br TLD name servers (are you in Brazil
maybe?). You should try a different forwarder. Every once in a while one of
these pops up; I think it may have something to do with how your ISP has their
DNS configured. Using a different DNS as a forwarder usually clears it up.
You could try 4.2.2.2.
 
Alerrandro

Kevin D. Goodknecht Sr. [MVP] said:
> Well, that IP is for one of the .br TLD name servers (are you in Brazil
> maybe?). You should try a different forwarder. Every once in a while one of
> these pops up; I think it may have something to do with how your ISP has their
> DNS configured. Using a different DNS as a forwarder usually clears it up.
> You could try 4.2.2.2.

Hello Kevin,

I think I should explain better, because I tried a lot of things and nothing
worked.

I have 2 internal DNS servers and 2 external DNS servers, all of them with
the same zone. Internal servers have all records and external servers have
DMZ records.

All internal clients query internal DNS servers. When I started working here
(last week), these servers didn't use forwarders and the Root Hints were
configured. The external servers were exactly the same configuration.

When I saw the event viewer, there were tons of 5504, and I started to search
for a solution.

First I tried to use the "Secure cache against pollution" option. And only
this didn't work.

Then I configured forwarders in the internal servers, pointing to external
servers, removed recursion (because of 7063 events, with this they stopped)
and removed Root Hints. In this moment, the external servers started to create
5504 events in the internal servers (before were NS from internet) and the
5504 events, as before, started to be logged in the external servers.

Then I put this server 4.2.2.2 in the external servers as forwarder,
disabled recursion and removed root hints (as I did in the internal ones).
But clients couldn't resolve names anymore.

I guess it's more clear now about what is happening and what I tried.

Can you help me? :)

Thanks!

Alerrandro

P.S.: I am from Brazil :)
 
Kevin D. Goodknecht Sr. [MVP]

Alerrandro said:
> Hello Kevin,
>
> I think I should explain better, because I tried a lot of things and
> nothing worked.
>
> I have 2 internal DNS servers and 2 external DNS servers, all of them
> with the same zone. Internal servers have all records and external
> servers have DMZ records.
>
> All internal clients query internal DNS servers. When I started
> working here (last week), these servers didn't use forwarders and the
> Root Hints were configured. The external servers were exactly the
> same configuration.
>
> When I saw the event viewer, there were tons of 5504, and I started to
> search for a solution.
>
> First I tried to use the "Secure cache against pollution" option. And
> only this didn't work.
>
> Then I configured forwarders in the internal servers, pointing to
> external servers, removed recursion (because of 7063 events, with
> this they stopped) and removed Root Hints. In this moment, the
> external servers started to create 5504 events in the internal servers
> (before were NS from internet) and the 5504 events, as before,
> started to be logged in the external servers.
>
> Then I put this server 4.2.2.2 in the external servers as forwarder,
> disabled recursion and removed root hints (as I did in the internal
> ones). But clients couldn't resolve names anymore.

You disabled recursion on the advanced Tab? If yes, wrong thing to do.

You can check "Do not use recursion" on the Forwarders tab, this is not the
same as disabling on the advanced tab.
Disable recursion on the advanced tab will stop your DNS from resolving any
name it does not own. "Do not use recursion" on the forwarders tab will keep
your DNS from using its root hints.

> I guess it's more clear now about what is happening and what I tried.

Yes it is. Refresh my memory, I'm not sure if you've mentioned it in the thread.
Are you getting the 5504 on the DNS server in the DMZ?
Give me further info, do you have DDNS turned off on the DMZ server? I'm
assuming here that it is not a domain member; machines in the DMZ should not
be domain members and should have DDNS turned off.

> Can you help me? :)

I can try. I'm trying to get a picture of your network setup; it is getting
more clear.
 
Alerrandro

Then Kevin made his reply below:

> You disabled recursion on the advanced Tab? If yes, wrong thing to do.
>
> You can check "Do not use recursion" on the Forwarders tab, this is not the
> same as disabling on the advanced tab.
> Disable recursion on the advanced tab will stop your DNS from resolving any
> name it does not own. "Do not use recursion" on the forwarders tab will keep
> your DNS from using its root hints.

No, I only checked "Do not use recursion" on the forwarders tab.

> Yes it is. Refresh my memory, I'm not sure if you've mentioned it in the thread.
> Are you getting the 5504 on the DNS server in the DMZ?
> Give me further info, do you have DDNS turned off on the DMZ server? I'm
> assuming here that it is not a domain member; machines in the DMZ should not
> be domain members and should have DDNS turned off.

Yes, I am getting 5504 in the DMZ and in the internal servers too. In the
internal servers, the IP address in the 5504 is always from my external
servers.

This problem is driving me crazy...
 
Kevin D. Goodknecht Sr. [MVP]

Alerrandro said:
> No, I only checked "Do not use recursion" on the forwarders tab.
>
> Yes, I am getting 5504 in the DMZ and in the internal servers too. In
> the internal servers, the IP address in the 5504 is always from my
> external servers.
>
> This problem is driving me crazy...

Are your external DNS servers using that address as a forwarder?
If yes remove that forwarder and put in one that supports recursion.

When you use a forwarder your DNS server becomes a caching proxy to that
server, so it is like pointing to the non-recursive DNS directly.
Non-recursive DNS servers *will* *not* resolve names it does not have in its
database.
You may contact your ISP for a list of DNS resolvers to use, or you can
forward to another DNS server that is geographically close to you that will
answer with recursion.

Try this:
nslookup
set d2

Use the change server command to point to another DNS server you want to try.
If it has recursion available it will answer like this:

Got answer (43 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

If it doesn't it will answer like this:

Got answer (151 bytes):
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: response, want recursion
questions = 1, answers = 0, authority records = 3, additional = 3

Notice the missing "recursion avail."
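
Added example, not part of Kevin's post: a Python sketch that decodes the same DNS header flags nslookup prints with "set d2" and decides whether a candidate forwarder offers recursion. The function names, the example.com probe name and the two sample headers (constructed here to mirror the outputs quoted above) are assumptions.

```python
import socket
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=1):
    """Build an A/IN query with RD set, i.e. "want recursion"."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(packet):
    """Decode the 12-byte header into the fields nslookup prints with d2."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": qid, "rcode": flags & 0x000F,
        "response": bool(flags & QR), "auth_answer": bool(flags & AA),
        "want_recursion": bool(flags & RD), "recursion_avail": bool(flags & RA),
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }

def usable_as_forwarder(packet):
    """True only if the reply is a response with "recursion avail." set."""
    h = parse_header(packet)
    return h["response"] and h["recursion_avail"]

def probe(server_ip, name="example.com", timeout=3.0):
    """Send one RD=1 query over UDP; report whether the server offers recursion."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        reply, _ = s.recvfrom(4096)
    return usable_as_forwarder(reply)

# Constructed headers mirroring the two nslookup outputs quoted in the post.
RECURSIVE_REPLY = struct.pack("!HHHHHH", 2, QR | AA | RD | RA, 1, 1, 0, 0)
REFERRAL_REPLY = struct.pack("!HHHHHH", 4, QR | RD, 1, 0, 3, 3)

if __name__ == "__main__":
    for label, pkt in (("recursive", RECURSIVE_REPLY), ("referral", REFERRAL_REPLY)):
        print(label, parse_header(pkt), "usable:", usable_as_forwarder(pkt))
```

A reply with no answers, a populated authority section and no "recursion avail." flag is a referral, which is what a forwarder must not return.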
 
Alerrandro

Kevin D. Goodknecht Sr. [MVP] said:
> Are your external DNS servers using that address as a forwarder?
> If yes remove that forwarder and put in one that supports recursion.

I put 4.2.2.2 and it supports recursion, but the problem remains...
 
Ace Fekay [MVP]

A 5504 error just says that there's an invalid domain name or host name.
See here:
http://www.eventid.net/display.asp?eventid=5504&source=

Are there any underscores or any other oddball characters in your machine
names?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
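
Added example, not part of Ace's post: a Python check that audits a list of machine names for the underscores and other non-standard characters Ace asks about, using the RFC 952 / RFC 1123 host name rules. The function names and the sample names are constructed for illustration.

```python
import re

# One label under the RFC 952 / RFC 1123 host name rules: letters, digits and
# hyphens only, with no hyphen at either end.
LDH_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")
ALLOWED_CHAR = re.compile(r"[A-Za-z0-9-]")

def check_name(name):
    """Return the problems found in a host name; an empty list means clean."""
    stripped = name.rstrip(".")
    if not stripped:
        return ["empty name"]
    problems = []
    if len(stripped) > 253:
        problems.append("name longer than 253 characters")
    for label in stripped.split("."):
        if not label:
            problems.append("empty label (consecutive dots)")
        elif len(label) > 63:
            problems.append(f"label '{label[:16]}...' longer than 63 characters")
        elif not LDH_LABEL.fullmatch(label):
            bad = sorted({c for c in label if not ALLOWED_CHAR.fullmatch(c)})
            if bad:
                shown = ", ".join(repr(c) for c in bad)
                problems.append(f"label '{label}' contains {shown}")
            else:
                problems.append(f"label '{label}' starts or ends with a hyphen")
    return problems

def audit(names):
    """Map each offending name to its list of problems."""
    return {n: p for n in names if (p := check_name(n))}

# Constructed sample inventory. SRV owner names such as _ldap._tcp legitimately
# begin with an underscore; this check is meant for machine (host) names only.
SAMPLE_NAMES = [
    "fileserver01.corp.example",
    "sql_prod.corp.example",
    "-edge.corp.example",
    "web 01.corp.example",
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_NAMES).items():
        print(name, "->", "; ".join(problems))
```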
 
