On a 2008 R2 Domain Controller with Exchange 2010 installed (I am very aware that this is not optimal, but when you inherit a client network...), Event ID 5502 is repeated every ~62.5 seconds with the text:
The DNS server received a bad TCP-based DNS message from 127.0.0.1. The packet was rejected or ignored. The event data contains the DNS packet.
As Wireshark is unable to capture from loopback, I used RawCap to capture traffic on the loopback interface for several minutes, and then opened the capture in Wireshark, which shows a repeated malformed packet as per the attached.
While I have stopped the event from showing by changing DNS event logging from "All events" to "Errors and warnings", I am interested in what might be causing this, especially with the frequency of recurrence...
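
One way to triage the repeated packet offline, as an added example that is not part of the original post and not the DNS server's own validation logic: it runs basic well-formedness checks on a DNS-over-TCP payload (the 2-byte length prefix from RFC 1035 section 4.2.2, the 12-byte header, and the question section). It assumes the input is the raw TCP payload carved from the loopback capture; the function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER_LEN = 12  # fixed DNS header size (RFC 1035, section 4.1.1)

def skip_name(msg, pos):
    """Return the offset just past a QNAME, or None if it is malformed."""
    while pos < len(msg):
        length = msg[pos]
        if length == 0:                      # root label ends the name
            return pos + 1
        if length & 0xC0 == 0xC0:            # 2-byte compression pointer
            return pos + 2 if pos + 2 <= len(msg) else None
        if length & 0xC0:                    # 0x40 / 0x80 label types are reserved
            return None
        pos += 1 + length
    return None                              # ran off the end of the message

def check_tcp_dns(payload):
    """List the reasons a TCP payload is not a well-formed DNS query."""
    if len(payload) < 2:
        return ["shorter than the 2-byte length prefix"]
    (declared,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + declared]
    problems = []
    if declared > len(payload) - 2:
        problems.append(f"prefix declares {declared} bytes, {len(payload) - 2} follow")
    if len(msg) < HEADER_LEN:
        return problems + ["message shorter than the 12-byte DNS header"]
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:HEADER_LEN])
    if flags & 0x8000:
        problems.append("QR bit set: a response, not a query")
    pos = HEADER_LEN
    for i in range(qdcount):
        pos = skip_name(msg, pos)
        if pos is None or pos + 4 > len(msg):    # QTYPE + QCLASS follow the name
            problems.append(f"question {i + 1} is truncated or has a bad label")
            break
        pos += 4
    return problems

# Constructed samples: a valid A query for example.test, and the same bytes cut short.
_msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) \
    + b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
GOOD = struct.pack("!H", len(_msg)) + _msg
BAD = GOOD[:-3]

if __name__ == "__main__":
    for label, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_tcp_dns(data) or "well-formed")
```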