I'm receiving a lot of DNS event log 5504 errors from four hosts, all with an IP address of 216.73.8x.10. What are they?

A. The four hosts are 216.73.81.10, 216.73.85.10, 216.73.86.10 and 216.73.87.10, which are the name servers for doubleclick.net, although you might see other addresses. The event description is:

The DNS server encountered an invalid domain name in a packet from <IP address>. The packet is rejected.

You might find the clients trying to contact various other servers, such as buy.rpts.net, ad.doubleclick.net, and ebay.doubleclick.net. The error is caused by the DNS cache-pollution protection not accepting resolutions from nonauthoritative servers. (See the Microsoft article "Description of the DNS Server Secure Cache Against Pollution setting," http://support.microsoft.com/?kbid=316786 for more information). You could consider blocking doubleclick.net at the firewall or monitor the traffic at a firewall level to ascertain which machines on your network are originating the requests.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish