
DNS Event 5501 and 5504 pollution...

Status
Not open for further replies.

Lizardkng

Technical User
Oct 21, 2002
135
US
I continually have DNS events 5501 and 5504 logged in Event Viewer. I've read the eventID.net fix: right-click on the DNS server (in DNS), choose Properties, Advanced, and check the box that says "Secure cache against pollution". But still, I'm getting DNS events 5501 and 5504 every 4-5 minutes!

The text of the events reads:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5501
Date: 1/2/2003
Time: 11:07:36
User: N/A
Computer: SERVER
Description:
The DNS server encountered a bad packet from 0.0.0.0. Packet processing leads beyond packet length.

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 1/2/2003
Time: 11:07:29
User: N/A
Computer: SERVER
Description:
The DNS server encountered an invalid domain name in a packet from 0.0.0.0. The packet is rejected.

What's causing this, and how can I REALLY get it to quit filling up Event Viewer?
 
Yes, I've read all that already, and read all the articles I can find on how to keep it from happening, including a Microsoft article that had me edit a registry entry that was supposed to stop the Event Viewer pollution, but it's still happening.
 
Hello, I am having the same issue. I am receiving the same error messages at the same time interval, every 4-5 minutes. The only difference is that the IP that is listed in my 5501 event messages is the IP of my ISP's DNS servers, which are listed as forwarders in my internal DNS.

I have also followed the Microsoft article which suggested that I edit the registry, but my Event Viewer is still filling with these messages. I have searched a number of websites and IT forums for additional information on this problem, but I have been unsuccessful in finding a cause or a solution. I have also contacted my ISP, who stated that the problem is not with their DNS servers even though the message indicates the bad packet is coming from their server.

If anyone has any suggestions, please reply. I'm out of ideas.

Thanks
 
Yes, I made the suggested registry changes too, as well as checking the "prevent pollution" box in DNS, with no results.
 
I'm seeing the same problem. Followed the suggested steps here and got the same results (no change). Any other suggestions would be appreciated.
 
I'm also getting the 5501 event showing up in my log, however, it is not at the extreme frequency that I have read above. Since my server sits behind a firewall, I have my forwarding zone pointing at my gateway. I'm guessing that the frequency of the event may be dependent on where your users are going or where services that your organization uses are located on the internet. (Since that dictates how many addresses are resolved per DNS query and thus the amount of data sent.) The confusing thing is that Microsoft says that this was fixed as of WinNT 4, SP4. I'm using 2000, SP 3!!

This could be an old bug that has resurfaced. As a former software tester, I've seen it happen.
 
For me, it's not happening nearly as much as it used to... it's practically stopped all on its own.

However, regarding what crown216 said, it doesn't matter who's browsing, or where they're going, these events seem to show up even when no one is using the network at all. Unless the server is trying to do things in the background every 4-5 minutes?

Anyway, not quite sure what I finally did to fix it, but it's not happening anymore.
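
The two event descriptions quoted in this thread ("packet processing leads beyond packet length" and "invalid domain name in a packet") describe two ways a DNS message can be malformed. The sketch below is an added example, not part of the original thread and not Microsoft's code: a strict parser that walks a raw DNS message (for instance a UDP payload captured from a forwarder) and reports which of the two conditions it hits. The mapping of each check to 5501 or 5504 is an assumption based only on the event wording, and the sample messages are constructed.

```python
import struct

def read_name(msg, off):
    """Walk one (possibly compressed) name; return the offset just past it."""
    after, hops = None, 0
    while True:
        if off >= len(msg):
            raise ValueError("5501-like: name runs beyond packet length")
        n = msg[off]
        if n == 0:                                 # root label ends the name
            return off + 1 if after is None else after
        if n & 0xC0 == 0xC0:                       # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("5501-like: pointer cut off by end of packet")
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 32:
                raise ValueError("5504-like: compression pointer loop in name")
        elif n & 0xC0:                             # 0x40 / 0x80 are reserved
            raise ValueError("5504-like: reserved label type in name")
        elif off + 1 + n > len(msg):
            raise ValueError("5501-like: label runs beyond packet length")
        else:
            off += n + 1

def check_message(msg):
    """Return "ok" or a reason; the 5501/5504 tags are an assumed mapping."""
    try:
        if len(msg) < 12:
            raise ValueError("5501-like: shorter than the 12-byte header")
        qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
        off = 12
        for _ in range(qd):
            off = read_name(msg, off) + 4          # QTYPE, QCLASS
        for _ in range(an + ns + ar):
            off = read_name(msg, off) + 10         # TYPE, CLASS, TTL, RDLENGTH
            if off > len(msg):
                raise ValueError("5501-like: record header beyond packet length")
            off += struct.unpack("!H", msg[off - 2:off])[0]   # skip RDATA
        if off > len(msg):
            raise ValueError("5501-like: fields run beyond packet length")
    except ValueError as exc:
        return str(exc)
    return "ok"

HDR = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)  # constructed sample, not captured traffic
GOOD = (HDR + b"\x07example\x03com\x00\x00\x01\x00\x01"
        + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))
TRUNCATED = GOOD[:20]                              # cut off in the middle of the name
BAD_LABEL = HDR + b"\x47example\x00\x00\x01\x00\x01"  # 0x47 is a reserved label type
```

Running `check_message` over payloads captured at the time of each event shows whether the responses from the forwarder are really truncated or carry a name the parser cannot accept.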
 