Re: Phantom DNS server
From: Dilan Weerasinghe (dilanw77_at_hotmail.com)
Date: 08/31/04
- Next message: anonymous_at_discussions.microsoft.com: "another name server issue"
- Previous message: Daniel Tan: "Hosting public dns without domain name"
- Next in thread: Kevin D. Goodknecht Sr. [MVP]: "Re: Phantom DNS server"
- Reply: Kevin D. Goodknecht Sr. [MVP]: "Re: Phantom DNS server"
- Messages sorted by: [ date ] [ thread ]
Date: 31 Aug 2004 02:34:32 -0700
"Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in message news:<OJwdojDjEHA.3712@TK2MSFTNGP15.phx.gbl>...
> In news:4df8d57a.0408261146.354d51da@posting.google.com,
> Dilan Weerasinghe <dilanw77@hotmail.com> made a post then I commented below
> > "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in
> > message news:<u7FbX92iEHA.2052@TK2MSFTNGP15.phx.gbl>...
> >> In news:4df8d57a.0408260441.3946cd3a@posting.google.com,
> >> Dilan Weerasinghe <dilanw77@hotmail.com> wrote their comments
> >> Then Kevin replied below:
> >>> Hi NG,
> >>>
> >>> We have noticed that several of our PC's suddenly seem to
> >>> lose their ability to browse the net, connect to our
> >>> Exchange server etc. Basic troubleshooting showed that
> >>> although the actual connectivity was there, name
> >>> resolution seemed to be causing the problem, i.e. we
> >>> could ping internally/externally by IP address but not by
> >>> name.
> >>>
> >>> Checking the IPCONFIG showed that these machines, which
> >>> are all set to DHCP, seemed to be picking up a phantom
> >>> DNS server as opposed to the correct one, e.g.
> >>> 192.168.1.12 as opposed to 192.168.1.1
> >>>
> >>> Rebooting the machines resolves the problem.
> >>>
> >>> When we try to ping the phantom DNS server, we do not get
> >>> a reply. That address itself is excluded from our DHCP
> >>> range and is not currently being used, so i have no idea
> >>> why these workstations are picking this same address all
> >>> the time.
> >>>
> >>> Has anyone experienced this before, or have any
> >>> pointers?? All other settings in IPCONFIG are correct,
> >>> and we have not made any changes to our
> >>> infrastructure/architecture recently.
> >>
> >> It is possible for your clients to get the DNS address from a Group
> >> policy, it would not show in the ipconfig /all but when running
> >> nslookup you will get it.
> >> You're saying that there is no machine at 192.168.1.12?
> >> And that the DHCP server is publishing the address of the local DNS
> >> server 192.168.1.1 and not the IP of the router?
> >> Are you using DHCP on the server or the router? (if you have a
> >> router)
> >>
> >>
> >>
> > Thanks for the reply.
> >
> > No, there is no machine at all on 192.168.1.12, and the DHCP server is
> > configured correctly to give a DNS server address of 192.168.1.1.
> > We are using a DHCP server that has a different address altogether.
> >
> > The strange thing is that this switch happens whilst a user is logged
> > on and has been for a while...not on machine start up or logon.
> >
> > Any ideas?
> >
> > Dilan
>
> I think we're going to need more info to help you out on this one.
>
> Is 192.168.1.1 your router? If it is, is it a Windows machine or a 3rd party
> router?
>
> If you disable DHCP on the 192.168.1.1 machine, and then do an ipconfig
> /release and then an ipconfig /renew, what DHCP server shows up in the
> ipconfig /all?
>
> Honestly, if 192.168.1.1 is not a Windows machine, it would be to your
> advantage, and to AD and DNS' advantage, to use a Windows machine for DHCP
> and DNS, since the two services and APIs are tied together for proper
> dynamic registration performance and reliability.
>
> If this is a Windows DHCP, did you set the Scope Option 006 and Server
> Option 006?
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
Ace,
To clarify;
Our network is configured as following -
DHCP server: 192.168.1.1
DNS Servers: 192.168.1.1/ 192.168.1.2
(All above addresses are static)
All workstations are set to DHCP, and I've checked the scope options
on the DHCP server itself as regards DNS, and it points to the correct
addresses.
Our router is on a completely different address.
The problem is that, randomly, users seem to lose their internet
connection. As I mentioned before, the actual connectivity is there
but the fault lies with name resolution as we can ping
externally/internally by IP address but not by name. Checking the
IPCONFIG shows that the faulty machines are picking up 192.168.1.10 as
their DNS server, although all other settings are correct.
Rebooting the machines solves the problem until it happens again.
I understand that we could set the workstations to statically point at
the correct DNS servers, however this is a workaround, not a solution
and I'd like to find out what's causing this.
The faulty machines always pick up x.10 as the DNS server.
x.10 itself is excluded from our DHCP range for distribution, and is
also not currently being used, so I have no idea why they are picking
this address up as a DNS server.
Many thanks for your help
Dilan
- Next message: anonymous_at_discussions.microsoft.com: "another name server issue"
- Previous message: Daniel Tan: "Hosting public dns without domain name"
- Next in thread: Kevin D. Goodknecht Sr. [MVP]: "Re: Phantom DNS server"
- Reply: Kevin D. Goodknecht Sr. [MVP]: "Re: Phantom DNS server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
