Error 5504 Dns
Contents |
Microsoft Tech Companion App Microsoft Technical Communities Microsoft Virtual Academy Script Center Server and Tools Blogs TechNet Blogs windows server 2008 dns error 5504 TechNet Flash Newsletter TechNet Gallery TechNet Library TechNet Magazine TechNet Subscriptions
Dns Error 3000
TechNet Video TechNet Wiki Windows Sysinternals Virtual Labs Solutions Networking Cloud and Datacenter Security Virtualization Downloads dns event 5504 Updates Service Packs Security Bulletins Windows Update Trials Windows Server 2012 R2 System Center 2012 R2 Microsoft SQL Server 2014 SP1 Windows 8.1 Enterprise See all event id ( 5504 ) in source ( microsoft-windows-dns-server-service ) cannot be found trials » Related Sites Microsoft Download Center TechNet Evaluation Center Drivers Windows Sysinternals TechNet Gallery Training Training Expert-led, virtual classes Training Catalog Class Locator Microsoft Virtual Academy Free Windows Server 2012 courses Free Windows 8 courses SQL Server training Microsoft Official Courses On-Demand Certifications Certification overview MCSA: Windows 10 Windows Server Certification
Event Id 5504 Windows 2008 R2
(MCSE) Private Cloud Certification (MCSE) SQL Server Certification (MCSE) Other resources TechNet Events Second shot for certification Born To Learn blog Find technical communities in your area Support Support options For business For developers For IT professionals For technical support Support offerings More support Microsoft Premier Online TechNet Forums MSDN Forums Security Bulletins & Advisories Not an IT pro? Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Home Windows Server 2012 R2 Windows Server 2008 R2 Library Forums We’re sorry. The content you requested has been removed. You’ll be auto redirected in 1 second. DNS Infrastructure DNS Server DNS Server Message Processing DNS Server Message Processing Event ID 5504 Event ID 5504 Event ID 5504 Event ID 5500 Event ID 5501 Event ID 5502 Event ID 5504 Event ID 5505 Event ID 5506 Event ID 5507 Event ID 5508 Event ID 5509 Event ID 5510 Event ID 5511 Event ID 7050 Eve
a few minutes. Join Now I was wondering if this was a cause for concern. We have both an internal DNS (Windows 2003 R2 server which is our Primary Domain Controller) and external DNS (OpenDNS for outside the firewall requests). So dns event id 5501 that IP is in the event log on my internal DNS and belongs to the Czech event id 5504 server 2003 Republic. I see other events with Chinese IPs and other companies and countries that we do not do business with. So, my concern is, since
Kb 198410
these events are on the internal DNS, they're passed/not stopped by the firewall and what isn't being reported? Are there unwanted visitors on my network? Being in the financial industry, understaffed, and somewhat new to the department(and only 3/5ths of the week https://technet.microsoft.com/en-us/library/ee783577(v=ws.10).aspx at that!), I've been trying to convince the higher-ups that investing in an IDS would be good for business, but it's like having a debate with a banana. Event Type: Information Event Source: DNS Event Category: None Event ID: 5504 Date: 5/4/2013 Time: 11:13:34 AM User: N/A Computer: XXXXX Description: The DNS server encountered an invalid domain name in a packet from 31.170.179.179. The packet will be rejected. The event data contains the DNS packet. For more information, see Help and Support https://community.spiceworks.com/topic/340468-dns-event-id-5504-invalid-domain-name-in-a-packet Center at http://go.microsoft.com/fwlink/events.asp.
Data: 0000: e6 d2 85 00 01 00 01 00 æÒ ..... 0008: 00 00 00 00 03 31 37 38 .....178 0010: 03 32 31 32 03 31 33 32 .212.132 0018: 03 32 30 36 07 49 4e 2d .206.IN- 0020: 41 44 44 52 04 41 52 50 ADDR.ARP 0028: 41 00 00 0c 00 01 c0 0c A.....À. 0030: 00 01 00 01 00 00 00 3c .......< 0038: 00 04 1f aa b3 b3 ...ª³³ Reply Subscribe RELATED TOPICS: DNS event ID 408 dns event id 4521 DNS Event 4000   12 Replies Pure Capsaicin OP Little Green Man May 24, 2013 at 4:20 UTC Check here: http://community.spiceworks.com/windows_event But this might be a reverse lookup that failed. Have you done a NSLOOKUP command on that IP address? When I do one it says non-existent domain.... 0 Poblano OP GrandMasterJ May 24, 2013 at 4:57 UTC An NSLookup gives me: "can't find 31.170.179.179: Non-existent domain" 0 Pure Capsaicin OP Little Green Man May 24, 2013 at 5:00 UTC Do you have any reverse ptr records with that IP? 0 Chipotle OP robertp223 May 24, 2013 at 5:14 UTC Here is the Microsoft support article about event 5504. http://support.microsoft.com/kb/920162 More importantly, YES you need an IDS as well as a logging system as well as a top of the line FireWall. If you are in a BankAmazon Amazon Web Services ( AWS ) Relational Data Services ( RDS ) Hadoop Informatica Java Linux Microsoft .Net Internet Information Server (IIS) MS SQL Server Reporting Services https://danieladeniji.wordpress.com/tag/the-dns-server-encountered-an-invalid-domain-name-in-a-packet/ Transact SQL MS Windows PowerShell Win OS MySQL NetApp Quest HomePosts tagged 'The DNS server encountered an invalid domain name in a packet' The DNS server encountered an invalid domain name in a packet Microsoft - DNS Server - DisablingRecursion August 14, 2015August 15, 2015 Daniel Adeniji DNS, DNS - Settings, Domain Name Server (DNS), Microsoft, Recursion, Technical Recursion, event id Server failure, The DNS server encountered an invalid domain name in a packet, The event data contains the DNS packet Background I will like to start a series of articles on how to harden a Microsoft DNS Server. Before we dig in too deep let us first start talking about the weeds out there. What prompts us Reviewing the event id 5504 MS Windows Event Viewer discovered entries that looks like this: Textual: The DNS server encountered an invalid domain name in a packet from 90.23.83.107. The packet will be rejected. The event data contains the DNS packet. Image: Data Since we are referred to the "event data", let us try to make sense of it: .cz What does the error mean? It means that the host listed as the packet from w.x.y.z is sending us a request for a domain suffix that is different from the ones we have not explicitly declared we are handling. The reasons are myriad and can include: An application on that host is specifically sending DNS requests to us The original request was directed at a DNS Server that has been configured to forward DNS requests Network Monitoring Let us use a Network Monitoring tool to read Network requests. As we already have the Microsoft Network Monitoring Tool installed, we will use it. Configure Microsoft Network Monitoring Tool Filter I will suggest that you tighten your filtering and onl