Windows AD DNS: событие с кодом 5504

Два из моих контроллеров AD (оба работают под управлением службы DNS), похоже, имеют похожую проблему. Оба выдают множество событий в событиях DNS, которые выглядят так:

Это произойдет с тем же событием, в то же время, с пакетом из 76.74.137.7. Я знаю, что это «информация», а не ошибка, но, поскольку она новая и другая, она беспокоит меня (да, я боюсь необъяснимых изменений!)

Обе машины работают под управлением Windows 2003 R2 SP2. DNS-серверы не открыты для интернета.
Оба DNS-сервера настроены на использование OpenDNS для серверов пересылки.
Для обоих серверов это началось около недели назад.

Любые мысли о:
1) я должен быть обеспокоен?
2) как я могу остановить / исправить это?

Чтобы было интересно, у меня есть 3-й ящик AD / DNS. Один домен, другой сайт Active Directory. Те же пересылки, но не имеют этой проблемы.

[Обновить]
По какой-то причине я изменил серверы пересылки на одном из DNS-серверов, чтобы использовать общедоступный DNS Google (8.8.8.8 и 8.8.4.4) вместо OpenDNS. Ничего не изменилось, поэтому я думаю, что могу устранить экспедиторов как причину.

3 ответа

Все еще пытаясь отследить это, 5504 ошибки перестали появляться. Я предполагаю, что это могло быть что-то работающее на определенной клиентской машине, поражающей DNS-сервер, о котором идет речь. Тяжело сказать.

Некоторая дополнительная информация может быть найдена в этой ветке форумов technet.

Я видел одно и то же сообщение об ошибке с того же IP. Мой флажок «защищен от загрязнения» также отмечен. Что-то с этим конкретным IP?

Проверьте эту ссылку. перейдите к (4) в разделе «Устранение распространенных проблем DNS».

5504 код windows server

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

General discussion

Symptom

A DNS server may frequently record the Event ID 5504 error in the event log:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
User: N/A
Computer: Computer_name
Description: The DNS server encountered an invalid domain name in a packet from IP_Address .
The packet is rejected.

Cause

Event ID 5504 is logged when a DNS Server receives a packet containing an invalid domain name. There are many possible causes.

1. The DNS cache becomes corrupt with invalid domain names.

2. The DNS Server receives a spoofed response.

3. The DNS response contains domain names with characters other than 0-9, a-z, A-Z, . (Period), and — (Hyphen).

4. The DNS Server has been configured with invalid forwarders

5. The network the DNS server resides on is busy or not working properly.

Resolution

The following are general troubleshooting steps for this issue:

1. Secure the DNS cache against pollution.

a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.

b) Click the Advanced tab, check the Secure Cache against Pollution option, and then click OK.

c) After enabling this setting, right-click the applicable DNS server and select Clear Cache, then restart the DNS Server service.

2. Verify that the forwarder list on the DNS server is pointing to recursive DNS servers. To view the forwarders, please perform the following steps:

a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.

b) Click the Forwarders tab, you can view the existing forwarders.

3. Some third party DNS servers may be using records of a type that aren’t supported by Windows DNS servers, such as the DNAME resource record.

920162 Event 5504 is logged when a Windows Server 2003-based DNS server receives a packet that contains a DNAME resource record

4. Another example where DNS will produce the Event ID 5504 error is when Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn’t support EDNS or have it enabled. An easy workaround is to disable EDNS.

dnscmd /Config /EnableEDnsProbes 0

More Information

DNS Best Practices

Applies to

• Windows Server® 2003 operating system
• Windows Server® 2008 operating system
• Windows Server® 2008 R2 operating system

All replies

I’m not sure whether this is the appropriate place to add this but — a (possible) cause that I have seen which is not mentioned above is a request for an AAAA record (IPv6 address) being responded to with an A record (IPv4 address).

DNS debug logging (Windows 2008 R2 SP1) captured requests to 192.225.156.200 and the corresponding responses. In each case the response was followed in the debug log by the event “ The DNS server encountered an invalid domain name in a packet from 192.225.156.200. The packet will be rejected. The event data contains the DNS packet. ”

The domain name in the response was the same as that in the query, and looks OK.

The logged query shows an AAAA record (IPv6 address) request and the logged response returned an A record (IPv4 address).

http://www.rfc-editor.org/rfc/rfc4074.txt “ Common Misbehavior Against DNS Queries for IPv6 Addresses ” says, under “ Expected Behavior ”:

Suppose that an authoritative server has an A RR but has no AAAA RR

for a host name. Then, the server should return a response to a

query for an AAAA RR of the name with the response code (RCODE) being

0 (indicating no error) and with an empty answer section (see

Sections 4.3.2 and 6.2.4 of [1]). Such a response indicates that

there is at least one RR of a different type than AAAA for the

queried name, and the stub resolver can then look for A RRs.

5504 код windows server

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Asked by:

General discussion

Symptom

A DNS server may frequently record the Event ID 5504 error in the event log:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
User: N/A
Computer: Computer_name
Description: The DNS server encountered an invalid domain name in a packet from IP_Address .
The packet is rejected.

Cause

Event ID 5504 is logged when a DNS Server receives a packet containing an invalid domain name. There are many possible causes.

1. The DNS cache becomes corrupt with invalid domain names.

2. The DNS Server receives a spoofed response.

3. The DNS response contains domain names with characters other than 0-9, a-z, A-Z, . (Period), and — (Hyphen).

4. The DNS Server has been configured with invalid forwarders

5. The network the DNS server resides on is busy or not working properly.

Resolution

The following are general troubleshooting steps for this issue:

1. Secure the DNS cache against pollution.

a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.

b) Click the Advanced tab, check the Secure Cache against Pollution option, and then click OK.

c) After enabling this setting, right-click the applicable DNS server and select Clear Cache, then restart the DNS Server service.

2. Verify that the forwarder list on the DNS server is pointing to recursive DNS servers. To view the forwarders, please perform the following steps:

a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.

b) Click the Forwarders tab, you can view the existing forwarders.

3. Some third party DNS servers may be using records of a type that aren’t supported by Windows DNS servers, such as the DNAME resource record.

920162 Event 5504 is logged when a Windows Server 2003-based DNS server receives a packet that contains a DNAME resource record

4. Another example where DNS will produce the Event ID 5504 error is when Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn’t support EDNS or have it enabled. An easy workaround is to disable EDNS.

dnscmd /Config /EnableEDnsProbes 0

More Information

DNS Best Practices

Applies to

• Windows Server® 2003 operating system
• Windows Server® 2008 operating system
• Windows Server® 2008 R2 operating system

All replies

I’m not sure whether this is the appropriate place to add this but — a (possible) cause that I have seen which is not mentioned above is a request for an AAAA record (IPv6 address) being responded to with an A record (IPv4 address).

DNS debug logging (Windows 2008 R2 SP1) captured requests to 192.225.156.200 and the corresponding responses. In each case the response was followed in the debug log by the event “ The DNS server encountered an invalid domain name in a packet from 192.225.156.200. The packet will be rejected. The event data contains the DNS packet. ”

The domain name in the response was the same as that in the query, and looks OK.

The logged query shows an AAAA record (IPv6 address) request and the logged response returned an A record (IPv4 address).

http://www.rfc-editor.org/rfc/rfc4074.txt “ Common Misbehavior Against DNS Queries for IPv6 Addresses ” says, under “ Expected Behavior ”:

Suppose that an authoritative server has an A RR but has no AAAA RR

for a host name. Then, the server should return a response to a

query for an AAAA RR of the name with the response code (RCODE) being

0 (indicating no error) and with an empty answer section (see

Sections 4.3.2 and 6.2.4 of [1]). Such a response indicates that

there is at least one RR of a different type than AAAA for the

queried name, and the stub resolver can then look for A RRs.

«Не найдено описание для события с кодом в источнике» сообщение об ошибке отображается в события DNS в Windows Server 2012 R2

Симптомы

Проблема 1

Текст события системы доменных имен (DNS), отображается неправильно в случае средство просмотра и управления компьютером оснастки на серверы DNS под управлением Windows Server 2012 R2 Если установлен, но не установлен.

Проблема 2

Текст события DNS не отображается правильно в узле глобальные журналы диспетчера DNS Windows Server 2012 R2 при установке или более поздней версии ежемесячных обновлений.

Ниже приведен снимок экрана сообщения журнала событий DNS.

Решение

Для устранения ошибки 1

Чтобы устранить проблему, описанную в разделе «Проблема 1», установите .

Примечание. Исправление 3082532 не помогло устранить проблему, описанную в разделе «Проблема 2».

Временное решение

Обходной путь для проблемы 1

Установите до или после установки для временного решения этой проблемы.

Обходной путь для проблемы 2

Просмотр событий DNS в оснастках «Управление компьютером» и средство просмотра событий после установки .

Статус

Корпорация Майкрософт подтверждает, что это проблема продуктов Майкрософт, перечисленных в разделе «Относится к».

Ссылки

См. , которые корпорация Майкрософт использует для описания обновлений программного обеспечения.

5504 код windows server

Общие обсуждения

Symptom

A DNS server may frequently record the Event ID 5504 error in the event log:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
User: N/A
Computer: Computer_name
Description: The DNS server encountered an invalid domain name in a packet from IP_Address .
The packet is rejected.

Cause

Event ID 5504 is logged when a DNS Server receives a packet containing an invalid domain name. There are many possible causes.

1. The DNS cache becomes corrupt with invalid domain names.

2. The DNS Server receives a spoofed response.

3. The DNS response contains domain names with characters other than 0-9, a-z, A-Z, . (Period), and — (Hyphen).

4. The DNS Server has been configured with invalid forwarders

5. The network the DNS server resides on is busy or not working properly.

Resolution

The following are general troubleshooting steps for this issue:

1. Secure the DNS cache against pollution.

a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.

b) Click the Advanced tab, check the Secure Cache against Pollution option, and then click OK.

c) After enabling this setting, right-click the applicable DNS server and select Clear Cache, then restart the DNS Server service.

2. Verify that the forwarder list on the DNS server is pointing to recursive DNS servers. To view the forwarders, please perform the following steps:

a) Open DNS Management snap-in and then open the Properties dialog for the DNS server.

b) Click the Forwarders tab, you can view the existing forwarders.

3. Some third party DNS servers may be using records of a type that aren’t supported by Windows DNS servers, such as the DNAME resource record.

920162 Event 5504 is logged when a Windows Server 2003-based DNS server receives a packet that contains a DNAME resource record

4. Another example where DNS will produce the Event ID 5504 error is when Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn’t support EDNS or have it enabled. An easy workaround is to disable EDNS.

dnscmd /Config /EnableEDnsProbes 0

More Information

DNS Best Practices

Applies to

• Windows Server® 2003 operating system
• Windows Server® 2008 operating system
• Windows Server® 2008 R2 operating system

Все ответы

I’m not sure whether this is the appropriate place to add this but — a (possible) cause that I have seen which is not mentioned above is a request for an AAAA record (IPv6 address) being responded to with an A record (IPv4 address).

DNS debug logging (Windows 2008 R2 SP1) captured requests to 192.225.156.200 and the corresponding responses. In each case the response was followed in the debug log by the event “ The DNS server encountered an invalid domain name in a packet from 192.225.156.200. The packet will be rejected. The event data contains the DNS packet. ”

The domain name in the response was the same as that in the query, and looks OK.

The logged query shows an AAAA record (IPv6 address) request and the logged response returned an A record (IPv4 address).

http://www.rfc-editor.org/rfc/rfc4074.txt “ Common Misbehavior Against DNS Queries for IPv6 Addresses ” says, under “ Expected Behavior ”:

Suppose that an authoritative server has an A RR but has no AAAA RR

for a host name. Then, the server should return a response to a

query for an AAAA RR of the name with the response code (RCODE) being

0 (indicating no error) and with an empty answer section (see

Sections 4.3.2 and 6.2.4 of [1]). Such a response indicates that

there is at least one RR of a different type than AAAA for the

queried name, and the stub resolver can then look for A RRs.