The DNS server encountered an invalid domain name in a packet from 216.73.81.10

We are getting repeated error messages on our 2003 domain controllers, which are DNS servers.

---------------------------------------------------------------
 Eventid:5504 Source: DNS
"The DNS server encountered an invalid domain name in a packet from 216.73.81.10. The packet will be rejected. The event data contains the DNS packet."
---------------------------------------------------------------
Doing a whois lookup on 216.73.81.10 reveals that:


OrgName:    Double Click, Inc.
OrgID:      DOUBLE-3
Address:    450 West 33rd Street 16th floor
City:       New York
StateProv:  NY
PostalCode: 10001
Country:    US

NetRange:   216.73.80.0 - 216.73.95.255
CIDR:       216.73.80.0/20
NetName:    DOUBLECLICK-NET
NetHandle:  NET-216-73-80-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Assignment
NameServer: NS1.DOUBLECLICK.NET
NameServer: NS2.DOUBLECLICK.NET
NameServer: NS3.DOUBLECLICK.NET
NameServer: NS4.DOUBLECLICK.NET
Comment:
RegDate:    2001-07-12
Updated:    2003-06-11

---------------------------------------------------------------

So my question is, how is it that a public IP is trying to register with my internal DNS server? Is this some security hole, or does someone on our LAN have spyware and is spamming some kind of invalid DNS requests? Please help!
SANG501 Asked:

Netman66 Commented:
Sounds like spyware alright...

Run some scans on your servers - if you only have a few workstations then on those too.  If you have too many to deal with manually, you might be able to turn on IP accounting on the router to see if you can pinpoint the source.

I'll see what else I can dig up.
0
Netman66 Commented:
That IP is NS4.DOUBLECLICK.NET

If your IP is somewhat close to this, they may have incorrectly set up their server - but, I have trouble believing that.
0
crissand Commented:
If you search using Google for the phrase:

"The DNS server encountered an invalid domain name in a packet from 216.73.81.10. The packet will be rejected. The event data contains the DNS packet."

you'll see there are other users complaining about the same address. Could be a badly configured DNS at DoubleClick.

Maybe a mail to ang@doubleclick.net will help.

Some people say that disabling forwarders and letting internal DNS use only root hints will solve that type of problem. I cannot confirm that since I use forwarders for speed.

You may try to see if you have a domain controller that points to a non-DNS computer for name resolution.

You may also try to see if the DNS is serving requests on the local network (local NIC) or on local and Internet. Is your DNS serving requests from the Internet?
0
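
The event text quoted in the question says the event data contains the rejected DNS packet. As an added example (not part of the original thread), this Python decoder reads such a packet's header and first question name, reporting whether the QR bit marks it as a response and which label fails a name check. It assumes the event data bytes are the raw DNS message starting at the 12-byte header; `read_name`, `inspect`, `ALLOWED` and the sample packet are constructed for illustration, and the character rule is a generic hostname check, not the Windows DNS server's own validation logic.

```python
import string
import struct

ALLOWED = set(string.ascii_letters + string.digits + "-_")  # assumed hostname charset

def read_name(pkt, off):
    """Decode the RFC 1035 name starting at off; return (labels, problems)."""
    labels, problems, jumps = [], [], 0
    while off < len(pkt):
        n = pkt[off]
        if n == 0:                      # root label: end of name
            break
        if n & 0xC0 == 0xC0:            # compression pointer
            if off + 1 >= len(pkt):
                problems.append("truncated compression pointer")
                break
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            jumps += 1
            if jumps > 16:              # a chain this long is treated as a loop
                problems.append("compression pointer loop")
                break
            continue
        if n & 0xC0:                    # 0x40 and 0x80 label types are reserved
            problems.append("reserved label type 0x%02x" % n)
            break
        raw = pkt[off + 1:off + 1 + n]
        if len(raw) < n:
            problems.append("label truncated")
            break
        text = raw.decode("latin-1")
        if any(c not in ALLOWED for c in text):
            problems.append("label %r has characters outside [A-Za-z0-9_-]" % text)
        labels.append(text)
        off += 1 + n
    else:                               # loop ended without reaching a terminator
        problems.append("name runs past end of packet")
    if sum(len(l) + 1 for l in labels) + 1 > 255:
        problems.append("name longer than 255 octets")
    return labels, problems

def inspect(pkt):
    """Summarise the header and first question name of a raw DNS message."""
    if len(pkt) < 12:
        return {"error": "shorter than the 12-byte DNS header"}
    flags, qd = struct.unpack("!2H", pkt[2:6])
    labels, problems = read_name(pkt, 12) if qd else ([], [])
    return {"is_response": bool(flags & 0x8000), "qname": ".".join(labels), "problems": problems}

# Constructed sample: a response whose question name contains a space.
SAMPLE = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 0) + b"\x06bad na\x07example\x00\x00\x01\x00\x01"
```

To examine a real event, convert the hex bytes shown in the event's data field with `bytes.fromhex(...)` and pass the result to `inspect`.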
