The DNS server encountered an invalid domain name in a packet from

Posted on 2004-11-10
Last Modified: 2010-04-19
We are getting repeated  error messages on our 2003 domain controllers which are dns servers

 Eventid:5504 Source: DNS
"The DNS server encountered an invalid domain name in a packet from The packet will be rejected. The event data contains the DNS packet."
Doing a whosis lookup on reveals that:

OrgName:    Double Click, Inc.
OrgID:      DOUBLE-3
Address:    450 West 33rd Street 16th floor
City:       New York
StateProv:  NY
PostalCode: 10001
Country:    US

NetRange: -
NetHandle:  NET-216-73-80-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Assignment
RegDate:    2001-07-12
Updated:    2003-06-11


So my question is, how is it that a public IP is trying to register with my internal DNS server?? Is this some security hole or does someone on our LAN had spyware and is spamming some kind of invalid DNS requests.. Please help!
Question by:SANG501
    LVL 51

    Expert Comment

    Sounds like spyware alright...

    Run some scans on your servers - if you only have a few workstations then on those too.  If you have too many to deal with manually, you might be able to turn on IP accounting on the router to see if you can pinpoint the source.

    I'll see what else I can dig up.
    LVL 51

    Expert Comment


    If your IP is somewhat close to this, they may have incorrectly setup their server - but, I have trouble believing that.
    LVL 18

    Accepted Solution

    If you search using google for the phrase:

    "The DNS server encountered an invalid domain name in a packet from The packet will be rejected. The event data contains the DNS packet."

    you'll see there are other users complaining about the same address. Could be a bad configured dns at doubleclick.

    Maybe a mail to we'll help.

    Some people say that disabling forwarders and let internal dns use only root hints we'll solve that type of problem. I cannot confirm that since I use forwarders for speed.

    You may try to see if you have a domain controller that points to a non dns computer for name resolution.

    You may also try to see if the dns is serving requests on the local network (local nic) or on local and Internet. Is your dns serving requests from Internet?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    It is a known fact that servers reach the end of their lives. Some get there quicker than others, based on age, manufacturer, usage and several other factors. However, if your organization has spent time deploying Microsoft's Active Directory server…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now