cfitech asked:

Why are 90% of my workstations getting the wrong DNS (68.87.75.194 & 68.87.64.146) Servers when DHCP Server Only Assigns 10.1.10.3?

I have a client's network that started acting up about 4 weeks ago. Random workstations (clients) at random times would lose their connection to the Exchange server and/or the network drives. All clients are Windows XP running up-to-date CA ITM release 8, and the servers are all Windows 2003 (one PDC, the rest are member servers). Upon deeper investigation, the clients' DNS servers are randomly set to 68.87.75.194 & 68.87.64.146 when my DHCP only assigns 10.1.10.3 (PDC), and no Group Policies are set either. Today I manually set a handful of the clients to 10.1.10.3 to see if that helps. Does anyone know of any spyware, adware, or malware that may hijack the DNS settings randomly? Every time I found a client with the incorrect DNS and chose to repair the network connection, it would correct the problem. After rebooting and/or logging out and back in several times, some of them reverted back to the incorrect servers again??? Very random with no repeat patterns.

Thanks,
CFITech

Rob Williams

68.87.75.194 is a legitimate DNS server owned by Comcast. Is that your ISP?
Make sure you do not have 2 DHCP servers somehow, such as 2 routers and/or a server handing out DHCP etc. Also make sure the server's network adapter does not have that IP listed as a DNS server. The ISP's DNS server should only be listed as a Forwarder in your DNS management console. All network adapters, server and workstations, should only have your internal DNS server listed.
What is your DHCP server, a server or a router? It is best if the server is set up to hand out DHCP addressing rather than a router, and if so, make sure your DNS server 10.1.10.3 is added to the scope option #006 DNS.
cfitech (ASKER)

Only have one DHCP. Router's DHCP is definitely turned off. When you look at your IPCONFIG /ALL the correct DHCP server is listed. Trying to eliminate the server as an issue, I turned off DHCP on the Windows 2003 Server and turned it on on a spare router. The clients then got their DHCP assignments from the temp router, but still had the incorrect DNS servers. The server also uses itself as a DNS server. DHCP server is our Windows Server 2003. Looks like I have everything set up the way you suggest already. And, yes, Comcast is our ISP.

- You mentioned at one point the router was the DHCP server. If the router does not have manual DNS entries added to the DHCP configuration, it will hand out the ISP's DNS automatically as a default... just for the record.
- No chance your modem is a combined modem/router and performing DHCP as well? Though ipconfig /all is returning the correct DHCP server, so that shouldn't be the case.
- You mentioned the server's NIC has your internal DNS server listed for DNS, but it doesn't also have the ISP, does it?
cfitech (ASKER)

The router was also set up with a manual DNS when we tested it. The Comcast-supplied modem is an SMC all-in-one modem/router, but Comcast disabled DHCP per my request when they installed it. My server's NIC is only using my internal DNS. What I cannot figure out is how Comcast's DNS servers are getting distributed when they are nowhere within my network. I have checked, double checked, and triple checked all devices. This is why I was leaning towards some sort of hijacker???

A hijacker could certainly change your DNS, but it is unlikely it would affect multiple workstations, and what would the benefit to the hijacker be of having it changed to Comcast? Hijackers have more devious motives.
Very peculiar though.
If it's Comcast Workplace, log into the gateway they set up, and disable DHCP... then set up DHCP service on your domain controller, and you'll be all set. It sounds like a case of two DHCP servers fighting. (I had the same problem.)

Use internal IPs, and use the gateway IP info and DNS from Comcast in your DHCP settings.

After you do this (turn off the DHCP feature on the gateway/router/whatevertheycallit) and set up DHCP on the DC... reboot all machines and you will be good to go!

Cheers,
Matt
You may want to look at your Alternate Configuration under your IP settings and make sure nothing is there also.
cfitech (ASKER)

I will be returning to the client on Monday. I will try to double check the Comcast router. I guess I shouldn't take Comcast's word that they disabled the DHCP.

ASKER CERTIFIED SOLUTION
mattbcs
Do you have a router as well as the Comcast router/modem? If so, and only if you have an additional router, you might want to consider putting it in bridge mode while you are at it. This will ensure DHCP and other functions are disabled, and will allow for incoming services if ever you have to configure them, such as web and e-mail hosting on a DMZ or a VPN.
cfitech (ASKER)

We are only using the Comcast router/modem at this time. The other router we used only for troubleshooting purposes and is not in use.
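
Added example, not part of the original thread: the check discussed above (which DHCP server a client reports versus which DNS servers it actually holds) can be run over saved `ipconfig /all` output from many workstations. The sample output is constructed, and the function names `parse_adapters` and `audit` are hypothetical.

```python
import ipaddress
EXPECTED_DNS = {"10.1.10.3"}  # internal DNS server named in the thread

# Constructed sample of Windows XP `ipconfig /all` output (not from the thread).
SAMPLE = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : WS-07
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 10.1.10.3
        DNS Servers . . . . . . . . . . . : 68.87.75.194
                                            68.87.64.146
"""

def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        body = line.strip()
        if not body:
            continue
        if not line[0].isspace():  # unindented line: section header
            # Only headers ending in ':' ("Ethernet adapter ...:") are adapters.
            current = adapters.setdefault(body[:-1], {}) if body.endswith(":") else None
            last = None
        elif current is not None and _is_ip(body) and last:
            current[last].append(body)  # continuation of a multi-value field
        elif current is not None and ":" in body:
            key, value = body.split(":", 1)
            last = key.strip(" .")  # drop the dotted leader after the label
            current[last] = [value.strip()] if value.strip() else []
    return adapters

def audit(text, expected=EXPECTED_DNS):
    """Report adapters whose DNS list contains a server outside `expected`."""
    findings = []
    for name, fields in parse_adapters(text).items():
        unexpected = [ip for ip in fields.get("DNS Servers", []) if ip not in expected]
        if unexpected:
            findings.append({"adapter": name, "unexpected_dns": unexpected,
                             "dhcp_server": (fields.get("DHCP Server") or ["?"])[0]})
    return findings
```

Feed it the saved output of `ipconfig /all` from each workstation; the `dhcp_server` field shows which server the adapter reports for its lease alongside the unexpected DNS entries.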