The DNS server received a bad TCP-based DNS message from 192.168.128.5. The packet was rejected or ignored. The event data contains the DNS packet.

Hello,

I've been getting this message in my DNS Event Log on my Win2003 server.

The DNS server received a bad TCP-based DNS message from 192.168.128.5.  The packet was rejected or ignored. The event data contains the DNS packet.

What does it mean?

Thanks
Steviek411 Asked:
 
Keith Alabaster, Enterprise Architect, Commented:
That may be where your issue is starting from. The entries in your DNS server (TCP/IP - Advanced) section should be your own DNS servers. In the DNS service manager, you have the forwarder tab. This is where you should have your ISP DNS entries. Then, all clients look to your DNS servers for resolution. The servers look in AD for the answers and if they cannot find it, they use the forwarder entries to go out to the Internet.
 
grsteed Commented:
Have a look at these others with the same problem

http://groups.google.com/groups?as_q=5502&num=100&scoring=r&hl=en&ie=UTF-8&as_epq=DNS+server+received+a+bad+TCP-based+DNS+message&as_oq=&as_eq=&as_ugroup=&as_usubject=&as_uauthors=&lr=lang_en&as_drrb=q&as_qdr=&as_mind=1&as_minm=1&as_miny=1981&as_maxd=5&as_maxm=4&as_maxy=2005&safe=off

Many seem to think it can be ignored, but I would want to know what's causing it. Do you have Network Monitor installed on your server? (It can be installed from Add/Remove Programs from "Management and Monitor", I think.) You can set up a packet capture to look for DNS packets to determine the source of these "Bad" TCP packets as well as what type of query it is.

If you can catch it, post it here and we can help you decode it.

Just re-read your post, you have the source of 192.168.128.5. Do you know what system this is and what may be running on it? Anything in its event log?


Cheers,

Gary
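
Added example (not part of the original thread): once a capture or the event data yields the raw TCP payload, a short decoder like the one below shows the length prefix, header fields and first question, and lists structural problems. It applies only the generic RFC 1035 framing rules (2-byte length prefix, 12-byte header), which is an assumption and not the checks the Windows DNS service itself performs; `decode_tcp_dns` and the sample bytes are constructed for illustration.

```python
import struct

OPCODES = {0: "QUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
QTYPES = {1: "A", 2: "NS", 6: "SOA", 28: "AAAA", 33: "SRV", 251: "IXFR", 252: "AXFR"}

def decode_tcp_dns(payload: bytes) -> dict:
    """Decode one DNS message from a TCP payload; collect structural problems."""
    info = {"problems": []}
    problems = info["problems"]
    if len(payload) < 2:
        problems.append("shorter than the 2-byte TCP length prefix")
        return info
    (declared,) = struct.unpack("!H", payload[:2])   # DNS over TCP: length comes first
    msg = payload[2:2 + declared]
    info["declared_len"] = declared
    if len(msg) < declared:
        problems.append(f"prefix declares {declared} bytes, {len(msg)} present")
    if len(msg) < 12:
        problems.append("shorter than the 12-byte DNS header")
        return info
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    info.update(id=ident, is_response=bool(flags & 0x8000),
                opcode=OPCODES.get((flags >> 11) & 0xF, "unknown"),
                rcode=flags & 0xF, counts=(qd, an, ns, ar))
    if qd == 0:
        return info
    pos, labels = 12, []
    try:
        while msg[pos] != 0:                          # walk the labels of the first question
            n = msg[pos]
            if n > 63:                                # over-long label or compression pointer
                problems.append("invalid label length in question name")
                return info
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
        qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
        info.update(qname=".".join(labels), qtype=QTYPES.get(qtype, str(qtype)), qclass=qclass)
    except (IndexError, struct.error):
        problems.append("question section runs past the end of the message")
    return info

# Constructed sample: a TCP query for example.com, type AXFR (zone transfer).
GOOD = (b"\x00\x1d" + b"\x12\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
        + b"\x07example\x03com\x00" + b"\x00\xfc\x00\x01")
TRUNCATED = GOOD[:20]   # constructed: the same message cut off mid-name

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("truncated", TRUNCATED)):
        print(name, decode_tcp_dns(pkt))
```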
 
Steviek411 (Author) Commented:
This IP is itself. Will Network Monitor still capture it?
 
grsteed Commented:
Yeah it should still catch it.
 
Keith Alabaster, Enterprise Architect, Commented:
Steve, do you have any other domain controllers that are running DNS?
Is your DNS active-directory integrated or primary/secondary?
 
Steviek411 (Author) Commented:
Yes I do have other domain controllers running DNS and this server is the primary.
 
Steviek411 (Author) Commented:
I'm running the Network Monitor now and I'll examine the log once I get another message in the event log.
 
Keith Alabaster, Enterprise Architect, Commented:
Would be interested to know if you are receiving similar events in the other dns servers?
 
Steviek411 (Author) Commented:
On my other DNS server there are similar events, but the IPs the bad packets are originating from are public IP addresses.
 
Keith Alabaster, Enterprise Architect, Commented:
Are you hosting your own external DNS or is this done by your ISP? Zone transfers are done on port 53 TCP whereas normal DNS lookups are done on port 53 UDP. Do you have the ISP's DNS in your DNS entries or are these dealt with via forwarders/root hints on your DNS servers?
 
Steviek411 (Author) Commented:
No, I am not hosting an external DNS. My ISP's DNS are in my DNS entries.
 
Keith Alabaster, Enterprise Architect, Commented:
Excellent. Thanks very much.

regards
keith
Question has a verified solution.