Re: DNSClient registry key

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 03/26/04

• Next message: Ace Fekay [MVP]: "Re: DNS Problem: Resolving ONLY the Domain"
• Previous message: Herb Martin: "Re: DNS Caching"
• In reply to: Bill Minser: "Re: DNSClient registry key"
• Next in thread: Bill Minser: "Re: DNSClient registry key"
• Reply: Bill Minser: "Re: DNSClient registry key"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 26 Mar 2004 16:54:47 -0500

In news:u4T57q0EEHA.2404@TK2MSFTNGP11.phx.gbl,
Bill Minser <wdminser@wisc.edu> posted their thoughts, then I offered mine
> I will gladly post the ipconfig /all...
>
>
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : bills_xp
> Primary Dns Suffix . . . . . . . : ourdomain.wisc.edu
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ourdomain.wisc.edu
>
> Ethernet adapter Local Area Connection:
> Connection-specific DNS Suffix . : ourdomain.wisc.edu
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
> Network Connection
> Physical Address. . . . . . . . . : 00-08-74-35-99-B0
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.1.75
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.1
> DHCP Server . . . . . . . . . . . : 192.168.1.6
> DNS Servers . . . . . . . . . . . : 192.168.1.5
> Primary WINS Server . . . . . . . : 192.168.1.5
> Lease Obtained. . . . . . . . . . : Thursday, March 25, 2004
> 2:55:41 PM
> Lease Expires . . . . . . . . . . : Friday, April 02, 2004
> 2:55:41 PM
>
> Looks good, right. But if I run, say "nslookup yahoo.com", I get this
> (where xxx.xxx.xxx.xxx is the old ip address of our DC/DNS server) ...
>
> DNS request timed out.
> timeout was 2 seconds.
> Server: UnKnown
> Address: xxx.xxx.xxx.xxx
>
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
>
> Just as a check of DNS, I ran "nslookup yahoo.com 192.168.1.5" and it
> worked just fine. XP has the DNS settings from DHCP - its listed in
> the ipconfig stuff. But it is choosing to use xxx.xxx.xxx.xxx
> instead. I searched my entire computer and registry and only found
> the old ip value in HKLM\Software\Policies\Microsoft\Windows
> NT\DNSClient\NameServer. And if I change that registry value, it
> just comes back the next time group policy updates itself. (I can
> force it with gpupdate)
>
> So we looked thru all of our (known) group policy objects and can't
> find this setting anywhere. Anyone have any ideas where it is or how
> I can get rid of it?

Thanks for posting that.

Yes, it does look fine, and I do agree, this is strange. The only thing I
can think of in a GPO is in this section that would push out a reg key:
Computer Config\Windows Settings\Security Settings\Registry.

Not sure why one would want to alter that for a network config. After
looking at the key from your previous post, it looks like a globa config.
Look in your GPO(s) for such a setting.

Only other thing I can think of is a logon or startup script populating that
key. I first thought virus, but then again, I can't imagine this being a
virus or anything like that, after all, if it were, it wouldn'tpopulate your
old DC/DNS settings but rather their own malicious DNS address.

Did someone else setup the system prior to your arrival?

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
-- 
=================================

---

• Next message: Ace Fekay [MVP]: "Re: DNS Problem: Resolving ONLY the Domain"
• Previous message: Herb Martin: "Re: DNS Caching"
• In reply to: Bill Minser: "Re: DNSClient registry key"
• Next in thread: Bill Minser: "Re: DNSClient registry key"
• Reply: Bill Minser: "Re: DNSClient registry key"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: DNSClient registry key ... Why either of these bits would result in a group policy registry key is ... > looking at the key from your previous post, it looks like a globa config. ... > old DC/DNS settings but rather their own malicious DNS address. ... > Microsoft Windows MVP - Active Directory ... (microsoft.public.win2000.dns) Re: Windows 7 Setup Failure ... I want to install Windows 7 into a VMWare Player ... I created a virtual machine with EasyVMX.com, ... # Settings for VMware Tools ... # This config activates USB ... (microsoft.public.windows.vista.installation_setup) Re: Deploy Firewall Setting ... There is no support for export/import settings in the Windows XP ... netsh.exe firewall show config verbose = ENABLE ... (microsoft.public.windowsxp.security_admin) Re: Windows 7 Setup Failure ... I want to install Windows 7 into a VMWare Player ... I created a virtual machine with EasyVMX.com, ... # Settings for VMware Tools ... # This config activates USB ... (microsoft.public.windows.vista.installation_setup) Windows 7 Setup Failure ... I want to install Windows 7 into a VMWare Player ... I created a virtual machine with EasyVMX.com, ... # Settings for VMware Tools ... # This config activates USB ... (microsoft.public.windows.vista.installation_setup)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)