Questions

Wrong DNS Address Received In DHCP Scope

+
0 Votes
Locked

Wrong DNS Address Received In DHCP Scope

kweli
Greetings All:

I am managing a single domanin server wherein the IP Address of the DHCP and DNS Server is 10.0.0.3. With regularity, various client machines will pull a scope with 192.168.1.1 as the DNS Server IP address. When this happens all sorts of things stop resolving and causes errors accessing everything from file shares to e-mail that are located on 10.0.0.3. All clients connect via Cisco Catalyst 2900XL switches.

Does anyone have an idea why the client machines get the faulty DNS IP address in there scope and what the source may be?
  • +
    0 Votes
    CG IT

    check the DHCP option for DNS server see if it's got the right DNS address.

    I'd check the catalyst though.

    +
    0 Votes
    philhartman

    I also have a single Server 2003 network
    where the server is the DC and DHCP server.
    When workstations first turn on they get the
    correct DNS from scope options (it is the
    same as server address). Unfortunately,
    they forget this DNS and somehow show the
    forwarding DNS address after about a day.
    The DHCP logs show the workstations requesting DNS updates, but these are failing. Any hints how to troubleshoot this?

    +
    0 Votes
    lorenzo

    Same setup as Phil, exact same issue to the bone (incl. correct DNS suddenly changing to DNS forwarders). This problem did not occur prior to february this year in my network, and honestly I have no idea what I (or Windows Update) have changed that could cause this.
    Some questions for you Phil:
    - Do you have a router (or other hardware) on your LAN that has DHCP capabilities? If yes - have you disabled the DHCP on this hardware?
    - How long is the lease time for your DHCP addresses? Do you know if the shift from correct DNS to DNS forwarders occurs when the clients try to renew the lease, because this seems to be the case in my network.

    +
    0 Votes
    sgt_shultz

    this is a classic symptom of a rogue dhcp server. do you have somebody bringing in their wireless or other kind of router and sticking on the network? win2003 will only protect you from 'non authorized' dhcp servers if the are windows boxes.

  • +
    0 Votes
    CG IT

    check the DHCP option for DNS server see if it's got the right DNS address.

    I'd check the catalyst though.

    +
    0 Votes
    philhartman

    I also have a single Server 2003 network
    where the server is the DC and DHCP server.
    When workstations first turn on they get the
    correct DNS from scope options (it is the
    same as server address). Unfortunately,
    they forget this DNS and somehow show the
    forwarding DNS address after about a day.
    The DHCP logs show the workstations requesting DNS updates, but these are failing. Any hints how to troubleshoot this?

    +
    0 Votes
    lorenzo

    Same setup as Phil, exact same issue to the bone (incl. correct DNS suddenly changing to DNS forwarders). This problem did not occur prior to february this year in my network, and honestly I have no idea what I (or Windows Update) have changed that could cause this.
    Some questions for you Phil:
    - Do you have a router (or other hardware) on your LAN that has DHCP capabilities? If yes - have you disabled the DHCP on this hardware?
    - How long is the lease time for your DHCP addresses? Do you know if the shift from correct DNS to DNS forwarders occurs when the clients try to renew the lease, because this seems to be the case in my network.

    +
    0 Votes
    sgt_shultz

    this is a classic symptom of a rogue dhcp server. do you have somebody bringing in their wireless or other kind of router and sticking on the network? win2003 will only protect you from 'non authorized' dhcp servers if the are windows boxes.