General discussion

taking over DNS settings

By awarner
Hi all, I've got a network with all Windows XP or 2000 clients. I use NetWare's DHCP to dish out IP addresses to the clients. Over the past 4 to 5 days, people are calling saying they cannot access the internet. This occurs at random to anyone at any time. When doing an IPCONFIG, I see that the IP, subnet and gateway are fine, but the DNS is set to MSHOME.NET with a DNS address of I do an IPCONFIG /RENEW and they get their proper DNS settings back and internet access returns. Within a couple hours, they call again and I see that their DNS is back to MSHOME.NET etc... What on Earth is doing this and why is it happening out of the blue?? Doesn't happen to everyone, only about 20 out of 200 machines have reported this issue. No malware or viral activity shows up and Microsoft mentions nothing about this on their ICS support docs. HELP!


by robo_dev In reply to taking over DN ...

Rogue DHCP Server:

1) Workstation with ICS Enabled.

2) Windoze 2003 Server with RRAS/NAT internal DHCP firing up (VERY common problem). See link below:


by awarner In reply to taking over DN ...

Robo_Dev, thanks for the advice. So far I have not found a rogue DHCP server nor can I locate a specific machine that has ICS activated. I wish to leave this ticket open for now in case there are more ideas, but if I narrow down to one of your two suggestions, the points are gladly yours.
Thanks again!

taking over DNS settings - here too

by nhutchins In reply to taking over DN ...

I have the same thing happening here. Just started this week and it seems very random. Did you ever get it solved? Anyone else have any thoughts?

Configure the DNS server address manually

by vdahlia In reply to taking over DN ...

I am having the same problem here.

I went to the TCP/IP properties in the local area connection properties and keyed in the DNS server addresses manually. So far they have never called me again about their connection error. Till then I am still looking for a fix and permanent solution for this.

( Rogue DHCP/DNS or WAP )

by Scorpio722 In reply to taking over DN ...

Strange to see this post, we just spent about 1/2 hour on the same issue.

It turned out to be a 'rogue DHCP Server' on the vlan. It was of course unauthorized. Using a pc on the vlan affected we did an arp -a, then tracked the MAC address via standard Cisco commands and located the port. Of course the port was then disabled and that corrected the problem. Of course that user then called for help....can you say "denial of service..."
Hope this gets you in the right direction....


Look At LAN

by john.webb In reply to ( Rogue DHCP/D ...

We just had this happen. We did an ipconfig /all to get the ip of the rogue DNS server. On a laptop with LookAtLAN installed, jumped on that VLAN with an IP in the range of the rogue DNS. Started the scan and it gave us the asset number. Just another way to track it down.
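Added example, not written by any poster in this thread: one way to confirm the rogue-DHCP diagnosis discussed above is to parse DHCP server replies (raw UDP payloads, for instance exported from a packet capture) and report any whose server identifier is not on the authorized list, together with the DNS server and domain it handed out. The addresses, MACs, `corp.example`, the `AUTHORIZED` list and the function names are constructed assumptions; only `mshome.net` comes from the thread.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
AUTHORIZED = {"192.0.2.10"}   # assumption: the site's legitimate DHCP server

def parse_reply(payload):
    """Parse a DHCP server reply (UDP payload); return None unless OFFER/ACK."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None           # op 2 = BOOTREPLY, i.e. server to client
    info = {"client_mac": payload[28:34].hex(":"), "type": None,
            "server_id": None, "dns": [], "domain": None}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # pad: no length byte
            i += 1
            continue
        head = payload[i:i + 2]
        if len(head) < 2 or i + 2 + head[1] > len(payload):
            return None                                # truncated option
        code, length = head
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                 # message type
            info["type"] = value[0]
        elif code == 54 and length == 4:               # server identifier
            info["server_id"] = socket.inet_ntoa(value)
        elif code == 6 and length % 4 == 0:            # DNS servers
            info["dns"] = [socket.inet_ntoa(value[j:j + 4]) for j in range(0, length, 4)]
        elif code == 15:                               # domain name
            info["domain"] = value.rstrip(b"\x00").decode("ascii", "replace")
        i += 2 + length
    return info if info["type"] in (2, 5) else None    # 2 = OFFER, 5 = ACK

def rogue_replies(payloads, authorized=AUTHORIZED):
    """Return parsed replies whose server identifier is not an authorized server."""
    parsed = (parse_reply(p) for p in payloads)
    return [r for r in parsed if r and r["server_id"] not in authorized]

def sample_reply(server, mac, dns, domain, msg_type=5):
    """Build a constructed reply for the demo (not captured traffic)."""
    hdr = b"\x02\x01\x06" + bytes(25) + bytes.fromhex(mac.replace(":", "")) + bytes(202)
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server)
    opts += bytes([6, 4]) + socket.inet_aton(dns) + bytes([15, len(domain)])
    return hdr + MAGIC + opts + domain.encode() + b"\xff"

SAMPLES = [sample_reply("192.0.2.10", "00:11:22:33:44:55", "192.0.2.53", "corp.example"),
           sample_reply("198.51.100.1", "00:11:22:33:44:66", "198.51.100.1", "mshome.net")]
if __name__ == "__main__":
    for r in rogue_replies(SAMPLES):
        print("unauthorized DHCP server:", r)
```

The reported server identifier is the address to look up with `arp -a` and trace to a switch port, as the posts above describe.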
