The DNS server encountered an invalid domain name in a packet from

Posted on 2004-11-10
Medium Priority
Last Modified: 2010-04-19
We are getting repeated error messages on our 2003 domain controllers, which are DNS servers.

 Eventid:5504 Source: DNS
"The DNS server encountered an invalid domain name in a packet from The packet will be rejected. The event data contains the DNS packet."
Doing a whois lookup on reveals that:

OrgName:    Double Click, Inc.
OrgID:      DOUBLE-3
Address:    450 West 33rd Street 16th floor
City:       New York
StateProv:  NY
PostalCode: 10001
Country:    US

NetRange: -
NetHandle:  NET-216-73-80-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Assignment
RegDate:    2001-07-12
Updated:    2003-06-11


So my question is, how is it that a public IP is trying to register with my internal DNS server? Is this some security hole, or does someone on our LAN have spyware that is spamming some kind of invalid DNS requests? Please help!
Question by:SANG501
LVL 51

Expert Comment

ID: 12550818
Sounds like spyware alright...

Run some scans on your servers - if you only have a few workstations then on those too.  If you have too many to deal with manually, you might be able to turn on IP accounting on the router to see if you can pinpoint the source.

I'll see what else I can dig up.
LVL 51

Expert Comment

ID: 12550828

If your IP is somewhat close to this, they may have incorrectly set up their server - but I have trouble believing that.
LVL 18

Accepted Solution

crissand earned 1500 total points
ID: 12557220
If you search using google for the phrase:

"The DNS server encountered an invalid domain name in a packet from The packet will be rejected. The event data contains the DNS packet."

you'll see there are other users complaining about the same address. Could be a badly configured DNS at DoubleClick.

Maybe a mail to ang@doubleclick.net will help.

Some people say that disabling forwarders and letting the internal DNS use only root hints will solve that type of problem. I cannot confirm that since I use forwarders for speed.

You may try to see if you have a domain controller that points to a non-DNS computer for name resolution.

You may also try to see if the DNS is serving requests on the local network (local NIC) or on local and Internet. Is your DNS serving requests from the Internet?
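
The event text quoted in the question says the event data contains the DNS packet. As an added example (not code from this thread or from Microsoft), the Python below decodes such a packet from a hex string and reports whether it is a query or a response and which names contain characters outside an assumed alphabet. The function names, the alphabet and the sample packet are constructed for illustration.

```python
import struct

# Assumed "plain" alphabet for triage; not the Windows DNS name-checking logic.
PLAIN = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")

def read_name(pkt, off):
    """Decode the name at off; return (labels, offset just past the name)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(pkt):
            raise ValueError("name runs past end of packet")
        n = pkt[off]
        if n & 0xC0 == 0xC0:                    # RFC 1035 compression pointer
            if off + 1 >= len(pkt) or hops >= 16:
                raise ValueError("bad or looping compression pointer")
            resume = off + 2 if resume is None else resume
            off, hops = ((n & 0x3F) << 8) | pkt[off + 1], hops + 1
        elif n & 0xC0:
            raise ValueError("reserved label type")
        elif n == 0:                            # root label ends the name
            return labels, (off + 1 if resume is None else resume)
        else:
            if off + 1 + n > len(pkt):
                raise ValueError("label runs past end of packet")
            labels.append(pkt[off + 1:off + 1 + n])
            off += 1 + n

def inspect_packet(hex_dump):
    """Summarise a DNS packet given as hex (e.g. copied from event data)."""
    pkt = bytes.fromhex(hex_dump)
    if len(pkt) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    out = {"is_response": bool(flags & 0x8000), "names": [], "suspect": []}
    off = 12
    for i in range(qd + an + ns + ar):
        labels, off = read_name(pkt, off)
        if i < qd:
            off += 4                            # QTYPE + QCLASS
        else:                                   # TYPE, CLASS, TTL, RDLENGTH, RDATA
            off += 10 + struct.unpack("!H", pkt[off + 8:off + 10])[0]
        name = b".".join(labels).decode("ascii", "backslashreplace")
        out["names"].append(name)
        if any(not set(label) <= PLAIN for label in labels):
            out["suspect"].append(name)
    return out

# Constructed sample: a response whose answer owner name contains a space.
SAMPLE = ("123481800001000100000000" "03777777076578616d706c6503636f6d00" "00010001"
          "0862616420686f7374c010" "00010001" "0000003c" "0004" "c0000201")
```

If `is_response` is true, the packet is a reply to a query the server (or its forwarder chain) sent out, not an inbound request from the remote address.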


Question has a verified solution.
