Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

The DNS server received a bad TCP-based DNS message from 192.168.128.5.  The packet was rejected or ignored. The event data contains the DNS packet.

Posted on 2006-04-30
12
Medium Priority
?
7,280 Views
Last Modified: 2012-06-21
Hello,

I've been getting this message in my DNS Event Log on my Win2003 server.

The DNS server received a bad TCP-based DNS message from 192.168.128.5.  The packet was rejected or ignored. The event data contains the DNS packet.

What does it mean?

Thanks
0
Comment
Question by:Steviek411
  • 5
  • 5
  • 2
12 Comments
 
LVL 11

Expert Comment

by:grsteed
ID: 16572970
Have a look at these others with the same problem

http://groups.google.com/groups?as_q=5502&num=100&scoring=r&hl=en&ie=UTF-8&as_epq=DNS+server+received+a+bad+TCP-based+DNS+message&as_oq=&as_eq=&as_ugroup=&as_usubject=&as_uauthors=&lr=lang_en&as_drrb=q&as_qdr=&as_mind=1&as_minm=1&as_miny=1981&as_maxd=5&as_maxm=4&as_maxy=2005&safe=off

Many seem to think it can be ignored, but I would want to know what's causing it. Do you have Network Monitor installed on your server?  (It can be installed from Add/Remove programs from "Management and Monitor I think) You can set up a packet capture to look for DNS packets to determine the source of these "Bad" TCP packets as well as what type of query it is.

If you can catch it, post it here and we can help you decode it.

Just re-read your post, you have the source of 192.168.128.5. Do you know what system this is and what may be running on it?   Anything in it's event log?


Cheers,

Gary
0
 
LVL 1

Author Comment

by:Steviek411
ID: 16572983
This IP is itself. Will Network Monitor still capture it?
0
 
LVL 11

Expert Comment

by:grsteed
ID: 16573248
Yeah it should still catch it.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16573310
Steve, do you have any other domain controllers that are running DNS?
Is your DNS active-directory integrated or primary/secondary?
0
 
LVL 1

Author Comment

by:Steviek411
ID: 16573331
Yes I do have other domain controllers running DNS and this server is the primary.
0
 
LVL 1

Author Comment

by:Steviek411
ID: 16573337
Im running the network monitor now and ill examine the log once I get another message in the event log.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16573365
Would be interested to know if you are receiving similar events in the other dns servers?
0
 
LVL 1

Author Comment

by:Steviek411
ID: 16577567
On my other DNS server there is similar events but the ip's the bad packets are originating from are public IP addresses.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16577669
Are you hosting your own external DNS or is this done by your ISP/ Zone transfers are done on port 53 tcp whereas normal dns lookups are done on port 53 udp. Do you have the ISP's dns in your dns entries or are these dealt with via forwarders/root hints on your dns servers?
0
 
LVL 1

Author Comment

by:Steviek411
ID: 16577763
No I am not hosting an external DNS. My ISP's DNS  are in my DNS entries.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16577799
That may be where your issue is starting from. The entries in your dns server (tcpip - advanced)section should be your own dns servers. In the dns service manager, you have the forwarder tab. this is where you should have your ISP dns entries. Then, all clients look to your dns servers for resolution. The servers lookin AD for the answers and if they cannot find it, they use the forwarder entries to go out to the Internet.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16702146
Excellent. Thanks very much.

regards
keith
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question