Solved

Client DNS settings problems in Win 2000 AD environment

Posted on 2006-05-04
Last Modified: 2008-01-09
Hi Experts

Domain Controller, Windows 2000 advanced server, Active directory with DHCP and DNS set up (inherited but all looks ok)
All clients XP Pro.

All the clients were set to obtain DNS automatically.

From time to time, they have been defaulting back to that of the ISP rather than the server.

I have set them manually but should this be happening?

Is this indicative of a fault somewhere?

There are no relevant errors in the event viewer on the server. (Not since December 2003 anyway!).

If any more info would help, please let me know.

Many thanks

Nick.
0
Comment
Question by:Nick Denny
33 Comments
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16607741
Verify on the server in the DHCP management console under; Server name | Scope | Scope options | in the right hand window that option #006 has your DNS server/s added, and Option # 15 has your domain and suffix added ( mydomain.abc). If not right click on scope options, choose configure options, and add.
Afterwards you should reboot the workstations or run at a command line:
ipconfig  /flushdns
ipconfig  /registerdns

0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16607843
#006 was configured but #015 was not.

Am I best leaving as manually configured or should I reset to auto now?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16607873
Nothing wrong with manual at all, but from a management point of view, personally I prefer having everything working via DHCP, even if you are not using it.
0

 
LVL 13

Author Comment

by:Nick Denny
ID: 16607901
Thanks so much Rob.

I will do this later on when everyone leaves and let you know the outcome.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16608020
Good luck. Let us know how you make out.
I am thinking if you had option #006 enabled it may be something else.
The server itself, as well as the workstations, should only point to your DNS server in the TCP/IP properties on the network adapter. The ISP DNS/s should only be listed as forwarders (not forward lookup zones) in the DNS management console. Double check that as well. If the ISP's DNS was listed on the server's network adapter, the workstations might pick it up, but surprised if that was the cause.
--Rob
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16608085
Thx again Rob.

I have tested 1 client with what you suggested.

I ran the command line (didn't change) and also rebooted.

It has still returned the ISP DNS (which are indeed set in the forwarders and NOT in forward lookup zones).

The server has the correct DNS.
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 600 total points
ID: 16608134
Out of curiosity on one workstation if you get a chance try a complete TCP/IP reset. This will reset the network adapter back to the original registry settings when you installed the card and DHCP. If you have any other adapters such as a configured wireless card you may not want to do it, as it will wipe the card's configuration such as WEP.
  netsh  int  ip  reset c:\reset.txt
This is really just a fishing expedition but I am curious as to where the ISP is coming from as you appear to have everything correct.

Do you have a second Domain controller/DNS server?
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16608181
I can try that now.

No - only the one DC.
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16608242
Ok - it gets stranger.

As I said in my 1st post - this doesn't always happen.

So before trying the reset - I rebooted again (ISP DNS) then I tried your 1st method again and the DNS was correct (that of our server).

I did the reset and rebooted again.

It came back as the ISP DNS. A run of the flush & register has set it right...

Hmmm - something is not right

Thanks for hanging there Rob
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16608290
This must be driving you crazy. Only thing consistent about Windows, is it is inconsistent ! <G>
Let me know how it goes.
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16608586
I have managed to "play" with another couple of workstations.

Setting these to DNS automatically, has resulted in ISP IP's on a reboot!!!!

Is there anything else I should be checking?

Any mileage in listing out the structure??

This is only a small network (20+ workstations).

I might add - it's 400 miles away so stuff like "disabling NIC" is not an option at the moment - I'm having to work remotely.

Thanks again.

Nick.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16608694
>>"Any mileage in listing out the structure??"
You could post a sample ipconfig /all  results from one problematic PC

Just a thought, the router is not listed as a DNS server is it? Gateway is fine.
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16608761
No - router is listed as gateway.

I will come back later with more results. I have to go out now (already late!!).

Thanks again.
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16611259
After rebooting one of the machines - back to the ISP DNS again.

Here's the ipconfig file:

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-15-F2-52-D3-C3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 222.222.222.13
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 222.222.222.219
        DHCP Server . . . . . . . . . . . : 222.222.222.200
        DNS Servers . . . . . . . . . . . : 213.120.62.99
                                            213.120.62.100
        Lease Obtained. . . . . . . . . . : 05 May 2006 01:39:15
        Lease Expires . . . . . . . . . . : 13 May 2006 01:39:15
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16611332
I assume you masked the IP address? Your subnet is not 222.222.222.0 is it?
It has to be a private IP (which is safe to post) such as 192.168.x.x, 10.x.x.x, or 172.16-31.x.x
If using public IP's this could be related to the problem. If not everything looks fine, so long as the IP for DHCP, is correct.

0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16611507
This is exactly as the system is.

I queried the 222 range with the company that installed the system some years back, who assured me that this was all correct.
Having never heard of using this subnet - I bowed to their "higher degree of knowledge" and never thought to take it any further.

In saying that - other than this, I am not aware that it has ever caused a problem. However - I am happy to take advice on this.

Changing over to a conventional private subnet will be a real time consumer though - due to VPN's etc. But ... if needs must...

219 is indeed the router, 200 is indeed the DHCP server.

I personally can't understand even using these IP's, how the DNS is not showing the server address.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16611708
I think we are on to something here. In a normal network environment you would use a private address scheme for all local computers. Those include:
172.16.0.0  - 172.31.255.255
192.168.0.0 - 192.168.255.255
10.0.0.0      - 10.255.255.255

However, it is possible to run your entire network using public IP's, but I can think of dozens of conflicts if you don't own those IP's. Can you confirm if you own a range of IP's at least including 222.222.222.13 to 222.222.222.200 ?
They are registered to:
  CHINANET hebei province network
  China Telecom
  No.31,jingrong street
  Beijing 100032
I'm going to take a wild guess and say that is not you.

DNS server addresses are registered to:
  BT OPENWORLD OPERATIONAL SUPPORT
  BT Openworld, UK
Does that sound correct?

Then again, if you are behind a router performing NAT, you might never have a problem. You mentioned VPN users. They could, or should be having a real problem. I am trying to stay focused on the fact that your problem is the ISP DNS servers assigned by DHCP, and whether the network would ever look outside of your LAN to obtain those IP's.

Out of curiosity in your DNS management console, do you have a reverse look up zone for "222.222.222.x Subnet" ? If so do the Names (IP's) and data (Computer names) look correct? Especially 222.222.222.200, the DHCP server.

Also what is the public IP of the router. You can find this by going to http://www.whatismyip.com.
NOTE: For security reasons only display the first two octets here such as 123.123.xxx.xxx

I have been working (I use that term loosely) for 15 hours and I'm 1/2 way through a bottle of wine <G>. I'm going to see if I can get a real expert to have a look and see what he thinks the implications are here. For the record I am +4hrs GMT and he is about =GMT so you may not hear for a while, but let's hear what he has to say if he is willing to have a look, and I'll 'sleep' on it.
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16611955
Rob - I thank you so much for your input.

-->"I'm going to take a wild guess and say that is not you."<--

You are quite right - the IP's are nothing to do with us.
In fact China Telecom own the full block but not 1 responds to a ping....
http://www.dnsstuff.com/tools/whois.ch?ip=222.222.222.1&cache=off
http://www.dnsstuff.com/tools/whois.ch?ip=222.222.222.254&cache=off

-->"DNS server addresses are registered to:
  BT OPENWORLD OPERATIONAL SUPPORT
  BT Openworld, UK
Does that sound correct?"<--

Spot on.

-->"You mentioned VPN users. They could, or should be having a real problem"<--

Never encountered a problem with VPN.
Using VNC over SSH Sentinel here for admin purposes.
SSH to static IP at offices then VNC to LAN

-->"Out of curiosity in your DNS management console, do you have a reverse look up zone for "222.222.222.x Subnet" ? "<--

Yes

-->"If so do the Names (IP's) and data (Computer names) look correct? Especially 222.222.222.200, the DHCP server"<--

There is no mention of the DHCP server here (by IP) - everything else looks fine. Should the DHCP server be in here with its IP?
In addition to all the computers on the network I also have:

Name:                                Type:                           Data:
(same as parent folder)        Name Server                servername.domain.domain.com
(same as parent folder)        Start Of Authority          [353], servername.domain.domain.com, administrator.domain.domain.com

***this time I have masked out servername and domain***

If you need the properties of these 2 entries I can supply those too.

The DHCP server is listed by name and IP in the forward lookup zone.

-->"Also what is the public IP of the router"<--

217.34.xxx.xxx    this is a static IP.

Router is a Zyxel Prestige 625H/HW-31  which I can telnet to.

I'm in the UK so I'm running on BST (British Summer Time = GMT +1) and it's 4.45 am and I've had a tough day too!!

In the meantime I will revert back to the short fix of a manual assignation of DNS servers.

Thanks once again for all your efforts.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16619961
The DHCP server should be listed in the reverse lookup zone, not necessarily as DHCP server but the IP and server name should be there. You could manually add it, or checking "register this connections address in DNS" on the server's network adapter, on the advanced TCP/IP settings, DNS tab, should do it automatically.

I am looking at the issues you may run into using a public IP behind the NAT router, as it eliminates a lot of them. One would be you will never be able to access any Internet site with a 222.222.222.x IP address as it will try to resolve locally. The other big concern is will anything that is being resolved on the local network try to go to an Internet based DNS server to resolve your local 222.222.222.0 subnet. It shouldn't but will cause real chaos if it does.

However none of this explains your initial question/problem of why the network adapters are retaining the ISP's DNS servers. Only possibility I see here would be if 222.222.222.200 was a public DNS server handing out your BT DNS server IP's, but I'm doubtful. :-)
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 1400 total points
ID: 16620072
Wow, what a read so far........

Just a couple of basic settings i would like to confirm (as above)

1) does your DHCP server itself, cop the same ISP DNS in its IP Config? This will help to narrow down whether the problem is DHCP related or whether there is something else crazy going on

2) have you confirmed that there is no additional DNS config on the advanced properties of your TCPIP config on troublesome clients? I have seen similar issues where there is old config still sitting manually entered even using DHCP assignment

3) i would point you to DHCP settings but Rob already has and you have confirmed for us

4) DHCP has been disabled on the router yes?? on a troublesome machine, check the leasing and see if there is actually a lease for that client on your server

I apologise if i have sent duplicate tasks that may have already been covered above, just trying to narrow down absolutely everything....
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16621231
@ Rob

I have automatically added it thru the network adapter. Checking the box brought up another "use this connections DNS suffix in DNS registration".
Without checking the 2nd box, it did not auto register in the reverse lookup, but did when I checked the 2nd box (although I have not added a DNS suffix in the "DNS Suffix for this connection" box above the 2 check boxes).

I have run a ping on the whole 222.222.222.xxx block and none respond to a ping, so at the moment this is not an issue with 222.222.222.200 being live.
I will be on site in the next couple of weeks and I think I will renumber to a private subnet (even though I cannot see how this would solve the initial problem, it seems a sensible step).

Since automatically adding the DHCP server to the reverse lookup zone, I have automatically assigned DNS to a workstation, rebooted and now it picks up the BT DNS.
Running the command line, corrects this, re-rebooting sets them back to BT's.

@ Jay - hey there - welcome in

1) the DHCP server has its DNS manually configured (and IP) to its own IP - should I try it on auto to see what happens?
2) there are no other settings on any of the other clients (all are showing the same behaviour now - this may help troubleshoot....)
3) NA
4) Aha - this could be the problem - I have just been into the router. DHCP is on - however, the plot thickens - the IP range on the router is a private subnet..  192.168.1.x and the DNS servers are also listed in there.
Maybe this is conflicting - I will disable and report back.
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16621372
Well Rob and Jay

I have to apologise for not checking the real basics first!!!!!

Disabling DHCP in the router seems to have sorted the problem.
I have rebooted 4 workstations after assigning to auto and they all pick up the server now.

@ Rob - I have gleaned a lot of info from your assistance and feel it only right to award some kind of split. Even though Jay provided the ultimate answer, perhaps the changes you advised led to that - you asked "Do you have a second Domain controller/DNS server?" and technically there was - the router - .....  also, clearly the system was not setup correctly which hopefully it is now.

@ Jay - I will be accepting your answer (if this question is ever viewed it needs to show yours as accepted) but do you feel it would be fair to split the points too? Perhaps even with the Lions share going to Rob?

I know how it feels to get involved in something that looks complicated, technical etc, only to find it's something real simple that gets overlooked  (the old - "have you switched it on at the power supply" type of thing!!!)

However, what still puzzles me is even though the DHCP was on in the router, how come none of the workstations ever received an IP from the router but did pick up the DNS servers? They are all assigned for automatic IP.
Also - usually the auto assignation of DNS picked up the server until recently when more often they started to pick up the routers (BT's).

Computers huh ....

Please let me have your thoughts on the points situation so I can PAQ this and once again,  many many thanks for all your advice and input.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16621411
Excellent catch James (Jay_Jay70). I never thought of that where the network adapter was getting and showing the correct DHCP server under the network adapter properties.

However, folks there is a problem here. Although there should not be 2 DHCP servers, how can the network be on 222.222.222.0 and connect to a router on 192.168.1.0 ? not possible. You couldn't get to the Internet. There is a missing link here ? You must have 2 network adapters on the server and only posted results of 1, or there is another router somewhere??  If 2 NIC's I can see the ISP's DNS server information being passed through the server though it shouldn't have been.

Any ideas?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16621424
seriousnick, sorry forgot..... as for points please feel free to award as you see fit. I have no problem at all with you awarding all to James. I asked him to have a look, as he is a true Expert, and he verified that here. We often collaborate. He's a good guy.......... Also, they are just points <G> If the reward was beer.....now then you might get some argument. :-)

Let me know about the above different subnets as I am very curious.
--Rob
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16621591
Thx Rob

I will attempt to explain.

As I mentioned - system inherited so I don't know why it was setup like this (in fact I could take a guess - I have also been into the router on a remote office and the subnet there is on 192.168.1.x, and I seem to remember someone telling me that, a while back, a spare replacement router was sent from the remote office to replace a faulty one in the location we have been troubleshooting. I suspect that those settings were remnants from where it was installed previously and just never been changed).

Router config (prior to me changing it earlier) -

DHCP settings (in LAN Setup)

DHCP                       :server
Client IP starting pool: 192.168.1.33
Size of client IP Pool : 32
Pri DNS  }
Sec DNS }    BT's

TCP/IP Settings:
IP address:    222.222.222.219
Subnet Mask: 255.255.255.0

As said, the DHCP is now : none

As for points - in light of your last post Rob, I will do a Rob/Jay  150/350  grade A split

Can't thank you enough guys. And yes - I will be going over everything with a fine tooth comb starting from basics!! when I go up there.

@Rob - If I manage to work out how to set up an ftp server, hosting beer, you will be first on the list for a free username and password. lol
0
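The check that would have exposed this fault from the client side, as an added example that is not part of the original thread: it parses `ipconfig /all` text, flags DNS servers the AD scope should never hand out, and tests whether a router's DHCP pool sits inside its own LAN subnet. The function names and the assumption that 222.222.222.200 is the only legitimate DNS server (the thread's single DC) are this example's, not the posters'.

```python
import ipaddress
import re

# Constructed from the ipconfig /all output posted in the thread, trimmed to the
# fields used below.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 222.222.222.13
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 222.222.222.219
        DHCP Server . . . . . . . . . . . : 222.222.222.200
        DNS Servers . . . . . . . . . . . : 213.120.62.99
                                            213.120.62.100
"""

# Assumption: the single DC at .200 is the only DNS server clients should receive.
EXPECTED_DNS = {"222.222.222.200"}

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_ipconfig(text):
    """Map field name -> list of values; bare-IP continuation lines extend the last field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last and IPV4.match(line.strip()):
            fields[last].append(line.strip())
    return fields


def audit_client(fields, expected_dns):
    """Return findings for one adapter's DHCP-assigned settings."""
    findings = []
    lan = ipaddress.ip_network(
        f"{fields['IP Address'][0]}/{fields['Subnet Mask'][0]}", strict=False)
    if not lan.is_private:
        findings.append(f"LAN {lan} is not RFC 1918 private address space")
    # The DHCP Server field showed the legitimate server in the thread, so the
    # DNS list is the field that exposes the second DHCP source.
    unexpected = [d for d in fields.get("DNS Servers", []) if d not in expected_dns]
    if unexpected:
        findings.append("unexpected DNS servers: " + ", ".join(unexpected))
    return findings


def pool_addresses_outside_lan(lan_ip, mask, pool_start, pool_size):
    """Return the first/last pool addresses that fall outside the router's LAN subnet."""
    lan = ipaddress.ip_network(f"{lan_ip}/{mask}", strict=False)
    first = ipaddress.ip_address(pool_start)
    ends = (first, first + (pool_size - 1))
    return [str(a) for a in ends if a not in lan]


if __name__ == "__main__":
    for finding in audit_client(parse_ipconfig(SAMPLE_IPCONFIG), EXPECTED_DNS):
        print("client:", finding)
    # Router values as posted: LAN IP .219/24, pool starting 192.168.1.33, size 32.
    print("router pool outside LAN:", pool_addresses_outside_lan(
        "222.222.222.219", "255.255.255.0", "192.168.1.33", 32))
```
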
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16621642
1) Thanks for the points. I am fine with that so long as James is happy. Appreciate the consideration

2) If you get that FTP beer server working, forget the UserName and password, I just want to be able to invest

3) Still not sure I follow: If the router actually has a LAN IP of 222.222.222.219 great, I just misunderstood. Though most routers will not allow you to set a DHCP range outside of the LAN IP subnet of the router. Or, does the router have a 192.168.1.x LAN IP?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16621678
Great Stuff Nick

I have absolutely no problem with the points going to Rob at all, he spent the time and guided you through the majority of it :) I apologise for not posting earlier but i was watching a movie :)

Oh and count me in on that FTP site, sounds unreal and you know us Aussies love to Drink :)
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16621682
Strange isn't it - but yes, this router will allow an IP on a differing subnet to that assigned on the DHCP..
The LAN IP is manually set as 219.

Which I suppose is one of the reasons we never even thought to query the router, as all was working well and we had outside access with no problems.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16621684
Thank you Rob for your words also, let it be known though that Rob has been guiding and teaching me a lot in the last few months through EE, if anyone is deserving of Expert Status it is Rob :)
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16621687
Very Strange indeed, probably one of the magic tricks of networking :)
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16621694
>>"this router will allow an IP on a differing subnet to that assigned on the DHCP..The LAN IP is manually set as 219."
OK, explained, I can sleep tonight <G>

James, guess we all have our fields of expertise.

Everyone have a great weekend.
--Rob
0
 
LVL 13

Author Comment

by:Nick Denny
ID: 16621696
"Oh and count me in on that FTP site"

hmmm - might be worth posting a question - see how this could be done  ;)
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16623377
Ha! i will research that like a madman on crack to see a Beer FTP site - o the possibilities,

Cheers Nick, and Cheers Rob
0


Question has a verified solution.
