I'm receiving a lot of DNS event log 5504 errors from four hosts, all with an IP address of 216.73.8x.10. What are they?

John Savill

October 9, 2005

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A. The four hosts are 216.73.81.10, 216.73.85.10, 216.73.86.10 and 216.73.87.10, which are the name servers for doubleclick.net, although you might see other addresses. The event description is:

The DNS server encountered an invalid domain name in a packet from . The packet is rejected.

You might find the clients trying to contact various other servers, such as buy.rpts.net, ad.doubleclick.net, and ebay.doubleclick.net. The error is caused by the DNS cache-pollution protection not accepting resolutions from nonauthoritative servers. (See the Microsoft article "Description of the DNS Server Secure Cache Against Pollution setting," http://support.microsoft.com/?kbid=316786 for more information). You could consider blocking doubleclick.net at the firewall or monitor the traffic at a firewall level to ascertain which machines on your network are originating the requests.

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like