Event ID 5504

[citimouse]

Hi All,

I have this problem and hope some people can help me fix it. In my event
log, I have this error,

Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 11/9/2004
Time: 8:33:03 PM
User: N/A
Computer: OSAN
Description:
The DNS server encountered an invalid domain name in a packet from
203.116.1.94. The packet will be rejected. The event data contains the DNS
packet.
Data:
0000: df 37 85 83 01 00 00 00 ß7??....
0008: 01 00 01 00 02 39 32 03 .....92.
0010: 31 31 36 03 31 36 38 03 116.168.
0018: 31 39 32 07 69 6e 2d 61 192.in-a
0020: 64 64 72 04 61 72 70 61 ddr.arpa
0028: 00 00 06 00 01 c0 13 00 .....À.
0030: 06 00 01 00 00 00 00 00 ........
0038: 41 08 70 72 69 73 6f 6e A.prison
0040: 65 72 04 69 61 6e 61 03 er.iana.
0048: 6f 72 67 00 0a 68 6f 73 org..hos
0050: 74 6d 61 73 74 65 72 0c tmaster.
0058: 72 6f 6f 74 2d 73 65 72 root-ser
0060: 76 65 72 73 c0 47 77 54 versÀGwT
0068: b7 e0 00 00 07 08 00 00 ·à......
0070: 03 84 00 09 3a 80 00 09 .?..:?..
0078: 3a 80 :?

I have search through newsgroup and many said that it is due to an illegal
character in

203.116.1.94. 203.116.1.94 is our ISP DNS server.

Maybe I should tell you how is our network is being setup.

All clients DNS in the domain points to our internal Windows 2003 DNS. In
the DNS
properties, Forwarders tab, I have key in our 2 ISP DNS server IP. One of
the DNS sever IP
is 203.116.1.94. It is key into "Selected domain's forwarder IP address
list". "Do not use
recursion for this domain" in uncheck.

In the DNS domain: entry, the only entry is "All other DNS domains".

The first question I should ask is, have I setup my DNS wrongly? If I left
the "Selected
domain's forwarder IP address list" blank, I will receive the same error
message but from
some strange IP that I don't not even know.

Does anyone has any clue?

Thanks.

Best Regards,

Wei Yu

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi All,

I have this problem and hope some people can help me fix
it. In my event log, I have this error,

Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 11/9/2004
Time: 8:33:03 PM
User: N/A
Computer: OSAN
Description:
The DNS server encountered an invalid domain name in a
packet from 203.116.1.94. The packet will be rejected.
The event data contains the DNS packet.
Data:
0000: df 37 85 83 01 00 00 00 ß7??....
0008: 01 00 01 00 02 39 32 03 .....92.
0010: 31 31 36 03 31 36 38 03 116.168.
0018: 31 39 32 07 69 6e 2d 61 192.in-a
0020: 64 64 72 04 61 72 70 61 ddr.arpa
0028: 00 00 06 00 01 c0 13 00 .....À.
0030: 06 00 01 00 00 00 00 00 ........
0038: 41 08 70 72 69 73 6f 6e A.prison
0040: 65 72 04 69 61 6e 61 03 er.iana.
0048: 6f 72 67 00 0a 68 6f 73 org..hos
0050: 74 6d 61 73 74 65 72 0c tmaster.
0058: 72 6f 6f 74 2d 73 65 72 root-ser
0060: 76 65 72 73 c0 47 77 54 versÀGwT
0068: b7 e0 00 00 07 08 00 00 ·à......
0070: 03 84 00 09 3a 80 00 09 .?..:?..
0078: 3a 80 :?

I have search through newsgroup and many said that it is
due to an illegal character in

203.116.1.94. 203.116.1.94 is our ISP DNS server.

Maybe I should tell you how is our network is being setup.

All clients DNS in the domain points to our internal
Windows 2003 DNS. In the DNS
properties, Forwarders tab, I have key in our 2 ISP DNS
server IP. One of the DNS sever IP
is 203.116.1.94. It is key into "Selected domain's
forwarder IP address list". "Do not use
recursion for this domain" in uncheck.

In the DNS domain: entry, the only entry is "All other
DNS domains".

The first question I should ask is, have I setup my DNS
wrongly? If I left the "Selected
domain's forwarder IP address list" blank, I will receive
the same error message but from
some strange IP that I don't not even know.

Does anyone has any clue?

Thanks.

Have you created a reverse lookup zone for your local subnet?
It looks to me like you have a machine with an invalid character trying to
get to the internet blackhole DNS server for your 192.168.116 subnet. A
reverse lookup zone should stop these packets from going out.

 

[citimouse]

Hi Jevin,

Thank you for your reply. As I am not well verse in DNS, could you kindly
guide me step by step how to create a reverse look up zone?

Thanks.

Best Regards,

Wei Yu

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi Jevin,

Thank you for your reply. As I am not well verse in DNS,
could you kindly guide me step by step how to create a
reverse look up zone?

Use the DNS management console, open reverse lookup zones, then action, new
zone, choose standard primary or AD integrated, next, then type in the
network ID "192.168.116" Next and finish. You can set the zone to allow
dynamic updates, or leave it the default No updates. If you choose no
updates, you'll have to manually create the PTR records.
If you allow updates, running the command ipconfig /registerdns should
create the PTR records for you.