Introduction
This document describes how to troubleshoot the Windows DNS server error "The DNS server encountered a bad packet" in Cisco Umbrella.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Windows Server 2008 R2
- Windows Server 2003
Components Used
The information in this document is based on Cisco Umbrella.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Problem
You notice this error that is present in the event viewer of your Windows DNS server after configuring your forwarders to use Cisco Anycast resolvers.
After you deploy a Windows-based DNS server, DNS queries to some domains cannot be resolved successfully, and you see the Event ID 5501 occurring repeatedly in your event viewer logs:
The DNS server encountered a bad packet from X.X.X.X. Packet processing leads beyond packet length. The event data contains the DNS packet.
Where X.X.X.X can list Umbrella's external resolvers: 208.67.220.220 and 208.67.222.222.
Solution
A full solution to this problem can be found in this Microsoft support article: Some DNS name queries are unsuccessful after you deploy a Windows-based DNS server
Cause
This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server DNS.
EDNS0 allows larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs cannot allow UDP packets that are larger than 512 bytes. Therefore, these DNS packets can be blocked by the firewall.
Feedback