Question

DNS Issue?

Asked by: bostonconservatory

Obviously, there must be a physical computer plugged into my network but how can I find it? Here's the scenario: a new server was built with a static IP address, the server worked for 4 days with no problem. On this past weekend, we shut the server down and put it on our rack. This morning, we see an IP conflict with the server's static IP. We unplugged the network cable and pinghed the IP address. It answered. We pingged with the command ping -a XXX.XXX.XXX.XXX, it answers with the server name. We pingged the server by name and it answers but like I said before, the server is now unplugged from the network. Where should I look to resolve this problem?

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2007-11-12 at 09:38:38ID22955043
Tags

server

,

dns

Topics

Oracle Database

,

Domain Name Service (DNS)

,

Windows 2003 Server

Participating Experts
4
Points
500
Comments
10

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. "network cable unplugged" (but not really)
    I'm using an Alcatel Speedtouch USB modem under Windows XP to connect to an ADSL network. Every few minutes, I get a "network cable unplugged" error and I am dropped from the network. The cable is not really unplugged on my end, though there may be problems with t...
  2. "A network cable is unplugged" - no it's not!
    I've seen different variations of this problem by searching, looked at them all, but none of them have so far been helpful in solving my problem. All of a sudden one afternoon, my internet connection (wireless microwave from Wispertel, not 802.11x/DSL/Cable) stopped working ...
  3. Network Cable unplugged, apparently ???!??!?
    Ok here's a thinker. This server has 2 NICs and there's a router supplied by the ISP with an external IP. The network connections are absolutly fine untill the DHCP/DNS wizards have been run. After which the LAN nic is sitll operational with DHCP/DNS working fine with clie...
  4. A network cable is unplugged
    Hurricane Katrina passed on top of here (Miami) causing lots of power surges and several power failures while I was in the middle of doing work. After it was over I noticed my main computer is no longer able to connect to the internet. It normally connects via one of four e...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: LilshooterPosted on 2007-11-12 at 09:43:47ID: 20265723

you can always look at the arp entry for the IP address, do you have managed switches?  arp -a after pinging the ip address in question, copy down the mac address, then start looking for the offending machine.  If you have DHCP enabled on the network, check the DHCP server log to see if the address matches the mac address.  In this case you would need to set an exclusion in your DHCP server to exclude that IP address, reboot the machine that has the IP address and all should be well.

If you need a tool to monitor the network and seek out this mac address, Ethereal is a good start.

Cheers,

Shooter

 

by: LilshooterPosted on 2007-11-12 at 09:45:03ID: 20265735

from a command line type arp -a (after pinging the address in question)  sorry didn't really specify where and when to run arp -a.


Cheers,

Shooter

 

by: _jesper_Posted on 2007-11-12 at 09:46:13ID: 20265741

If you look at the ARP table on a switch, you can get the machine's MAC address and perhaps track it down from there.

I would also consider hard coding the IP<->MAC address on the switch for the legitimate server if that switch configuration allows it.

If you want to see the traffic from that [mis]configured server and your switch does port mirroring, you can monitor the type of traffic that's being sent from that server.

How large is the network, are the ethernet cables into the switch labeled and can you trace the cables from to the switch to account for the machines?

 

by: ChiefITPosted on 2007-11-12 at 11:31:21ID: 20266489

You said you brought a new server on line:

First off, (and most will disagree with me on this), It can take a couple days to replicate the DNS settings of a new server to other servers within the Domain. I say, most will disagree, because they will say it takes up to 8 hours to replicate that DNS out.

This is just a thought. If you took an old server off line with the same static IP. It may have taken a couple days to replicate out to the other server. By bringing an old server off line, there may be DNS metadata lef over from the old server left on some of the other Domain controllers. When you brought the DC on line, you may have replicated the DNS settings to the other servers and they are reporting back that the old server's DNS settings still had a DNS Host A left in DNS. Now they don't know what to do about it except error you out. So, you may have been doing OK for a couple days and when you restarted your machine, you also restarted the netlogon service. Now, the servers are giving you an error.

My best guess is you still have metadata pertaining to DNS on the remaining servers and that is interfering with this new server's DNS registration to the other domain controllers.

 

by: _jesper_Posted on 2007-11-12 at 11:43:46ID: 20266622

The poster said he pinged the IP.

He also said that when he took the new server off, another machine answered to that IP.

DNS doesn't even factor in at this point.

 

by: schwertnerPosted on 2007-11-13 at 02:24:28ID: 20270554

Figure out where is the machine with the "pirate" IP placed.

In linux:

man nslookup 172.31.10.11
dig -x <ip-address>

host -t ptr 172.31.10.11


In Windows:

nslookup 172.31.10.11

 

by: _jesper_Posted on 2007-11-13 at 06:10:12ID: 20271492

The DNS is not the issue (again).

That IP address is supposed to be for the server that he put in *not* for someone else's use.

Start with the MAC address and find the machine.

 

by: bostonconservatoryPosted on 2007-11-15 at 11:27:19ID: 20291603

Thank you for your suggestions. We don't managed switches. We have switches from Linksys and they are plug and play. Someone suggested that our router may be calprit but I looked at the router with the show interfaces command. It shows FastEthernet0 being bind to xxx.xxx.xxx.1/24 which is our gateway IP. It shows Serial0 being bind to our external IP address xxx.xxx.xxx.xxx/30. I couldn't see how the router would take that IP since it is not included in our DHCP range and the two interfaces are bind to our internal and external IP's. And even if the router took the IP address how would it know to assume the netbios name of the server?

 

by: _jesper_Posted on 2007-11-15 at 11:37:44ID: 20291693

If you can ping that IP and get an alive response, then there is a machine that has that IP address.  

For servers with static addresses, those addresses should be outside of the DHCP pool anyway.  If they aren't, moving them outside of the pool would be the first step that I would take.

Is this [duplicate] IP from the same subnet that the router interface is on?

If so, on the router you should be able to look at the arp table to see what MAC address is broadcasting that IP.  Then hardcode the correct MAC address to that IP to keep the rogue machine from advertising it to the router.

 

by: bostonconservatoryPosted on 2007-11-19 at 08:02:36ID: 31408995

The problem was of our own making! A year or so ago we decided to segment our network into two subnets, XXX.XXX.100.0 and XXX.XXX.200.0. This did not work very well so we stopped using the .220.0 subnet but we left the router in place and that router had the IP address that my co-worker assigned to the new server. I am surprised that we didn't get an IP conflict until four days later. We found a tool called wireshark which found the IP and told us the source was a Cisco device. I looked at our active router but found nothing, then the thought hit me that we still had the other router on line which we called the student router. Since it was not being used, I simply unplugged it and away went our headaches. Thanks for all your help.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...