DNS error

[pnabby]

I keep getting this message every 15 minutes in DNS Server section of the Event Viewer in Windows Server 2000:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 10/26/2004
Time: 12:16:46 AM
User: N/A
Computer:
Description:
The DNS server encountered an invalid domain name in a packet from 198.41.0.4. The packet is rejected.

We have a domain controller "a" on server "a" and a child domain "b" on server "b". Right now users cannot open files from either server in either direction and there are no security restrictions (bad idea) to prevent them.

I know there has to be a dns issue, but I can't figure it out. This just started happening out of the blue.

Any suggestions?

Thanks,
Julie

 

[marsd]

Three possibilities here.
Outside possibility that your root.hints is out of
date.
Another is that someone is spoofing another
nameserver and trying to poison your dns cache
with a bad name.
Another doubtful one is that these guys have screwed something up pretty badly with their config or that what they are doing with it is not kosher with MS.

host -a 198.41.0.4
Trying "4.0.41.198.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29026
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;4.0.41.198.in-addr.arpa. IN PTR

;; ANSWER SECTION:
4.0.41.198.in-addr.arpa. 900 IN PTR a.root-servers.net.

;; AUTHORITY SECTION:
0.41.198.in-addr.arpa. 900 IN NS ns2.nsiregistry.net.
0.41.198.in-addr.arpa. 900 IN NS ns3.verisign-grs.net.
0.41.198.in-addr.arpa. 900 IN NS ns4.verisign-grs.net.
0.41.198.in-addr.arpa. 900 IN NS ns1.crsnic.net.

;; ADDITIONAL SECTION:
ns1.crsnic.net. 56635 IN A 198.41.3.39
ns2.nsiregistry.net. 45001 IN A 198.41.3.108
ns3.verisign-grs.net. 96747 IN A 192.153.247.33
ns4.verisign-grs.net. 105380 IN A 192.153.247.34

 

[patrick118]

198.41.0.4. is this server a or b?

Have you changed anything in the forwarders before it happened?

Does Active directory synchronization still work? This is something that happens every 15 minutes. (I thought) Is there a srv record created for the DC for the child domain?

Patrick

 

[marsd]

Nah dude. That address is a ROOT nameserver.
The chances are her root.hints are out of date or that
someone is being a real a$$wit.

 

[pnabby]

198.41.0.4 is not any of our IP addresses. We have a total of 4 servers. The domain controller server is at location "a" and it's child domain is on server "b" 2 miles away. We are using a wireless 45MB connection between the 2 offices; therefore it is as if they are locally connected.

Server "b" and server "c" are at location "b". When I go under DNS on server "b" and click on server "b", domain "c" has an error that says "Zone not loaded by DNS Server" and I cannot fix this. The associated error for this in the event viewer is as follows:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 10/26/2004
Time: 3:07:43 PM
User: N/A
Computer: SERVERB
Description:
No Windows NT or Windows 2000 Domain Controller is available for domain C. The following error occurred:
There are currently no logon servers available to service the logon request.
Data:
0000: 5e 00 00 c0 ^..À

Also, if I run nslookup on server "b" I get the following error:

***Can't find server name for address bb.bbb.bbb.bbb: Non-existent domain
Default Server: servera.domaina.com
address: aa.aaa.aaa.aaa

Note: bb.bbb.bbb.bbb is the IP address for server "b" and aa.aaa.aaa.aaa is the IP address for server "a" where the primary domain controller resides.

 

[pnabby]

Can anyone tell me what to try next?

TIA,
Julie