Solved

Why are 90% of my workstations getting the wrong DNS (68.87.75.194 & 68.87.64.146) Servers when DHCP Server Only Assigns 10.1.10.3?

Posted on 2006-07-12
Last Modified: 2008-01-09
I have a client's network that started acting up about 4 weeks ago. Random workstations (clients) at random times would lose their connection to the Exchange server and/or the network drives. All clients are Windows XP running up-to-date CA ITM release 8 and servers are all Windows 2003 (one PDC, the rest are member servers). Upon deeper investigation, the clients' DNS servers are randomly set to 68.87.75.194 & 68.87.64.146 when my DHCP only assigns 10.1.10.3 (PDC) and no Group Policies are set either. Today I manually set a handful of the clients to 10.1.10.3 to see if that helps. Does anyone know of any spyware, adware, or malware that may hijack the DNS settings randomly? Every time I found a client with the incorrect DNS and chose to repair the network connection, it would correct the problem. After rebooting and/or logging out and back in several times, some of them reverted back to the incorrect servers again??? Very random with no repeat patterns.

Thanks,
CFITech

Question by:cfitech
12 Comments
 
LVL 77

Expert Comment

by:Rob Williams
68.87.75.194 is a legitimate DNS server owned by Comcast. Is that your ISP?
Make sure you do not have 2 DHCP servers somehow, such as 2 routers and/or a server handing out DHCP etc. Also make sure the server's network adapter does not have that IP listed as a DNS server. The ISP's DNS server should only be listed as a Forwarder in your DNS management console. All network adapters, server and workstations, should only have your internal DNS server listed.
What is your DHCP server? A server or router? Best if the server is set up to hand out DHCP addressing rather than a router, and if so, make sure your DNS server 10.1.10.3 is added to the scope option #006 DNS.
0
 

Author Comment

by:cfitech
Only have one DHCP. Router's DHCP is definitely turned off. When you look at your IPCONFIG /ALL the correct DHCP server is listed. Trying to eliminate the server as an issue, I turned off DHCP on the Windows 2003 Server and turned it on on a spare router. The clients then got their DHCP assignments from the temp router, but still had the incorrect DNS servers. The server also uses itself as a DNS server. DHCP server is our Windows Server 2003. Looks like I have all set up the way you suggest already. And, yes, Comcast is our ISP.

0
 
LVL 77

Expert Comment

by:Rob Williams
- You mentioned at one point the router was the DHCP server. If the router does not have manual DNS entries added to the DHCP configuration it will hand out the ISP's DNS automatically as a default... just for the record.
- No chance your modem is a combined modem/router and performing DHCP as well? Though ipconfig /all is returning the correct DHCP server, so that shouldn't be the case.
- You mentioned the server's NIC has your internal DNS server listed for DNS, but it doesn't also have the ISP, does it?
0
 

Author Comment

by:cfitech
The router was also set up with a manual DNS when we tested it. The Comcast-supplied modem is an SMC All-in-one Modem / Router, but Comcast disabled DHCP per my request when they installed it. My server's NIC is only using my internal DNS. What I cannot figure out is how Comcast's DNS are getting distributed when they are nowhere within my network. I have checked, double checked, and triple checked all devices. This is why I was leaning towards some sort of HiJacker???
0
 
LVL 77

Expert Comment

by:Rob Williams
A HiJacker could certainly change your DNS, but unlikely it would affect multiple workstations, and what would the benefit to the HiJacker be of having it changed to Comcast? HiJackers have more devious motives.
Very peculiar though.
0
 
LVL 4

Expert Comment

by:mattbcs
If it's Comcast workplace, log into the gateway they set up, and disable DHCP... then set up DHCP service on your domain controller, and you'll be all set. It sounds like a case of two DHCP servers fighting. (I had the same problem.)

Use internal IPs, and use the gateway IP info and DNS from Comcast in your DHCP settings.

After you do this (turn off the DHCP feature on the gateway/router/whatevertheycallit) and set up DHCP on the DC... reboot all machines and you will be good to go!

Cheers,
Matt
0
 
LVL 3

Expert Comment

by:Sid6_7
You may want to look at your Alternate configurations under your ip setting and make sure nothing is there also.
0
 

Author Comment

by:cfitech
I will be returning to the client on Monday. I will try to double check the Comcast router. I guess I shouldn't take Comcast's word that they disabled the DHCP.

0
 
LVL 4

Accepted Solution

by:
mattbcs earned 250 total points
The Comcast techs have very little training in TCP/IP... they are basically experts at pulling coax...
I'd bet you dollars to doughnuts that DHCP is still enabled.

:)

- Matt
0
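Added example, not part of the original thread: one way to test the second-DHCP-server theory is to capture the DHCP replies on the LAN and compare option 54 (server identifier) and option 6 (DNS servers, the scope option #006 mentioned above) with what the domain controller should hand out. The helper names are hypothetical, and the sample packets and the 10.1.10.1 gateway address are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 6, 53, 54
OFFER, ACK = 2, 5

def parse_dhcp_reply(payload):
    """Return message type, server identifier and DNS list from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"type": None, "server": None, "dns": []}
    i = 240                                      # options follow the 236-byte BOOTP header + cookie
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        code = payload[i]
        if code == 0:                            # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE and length == 1:
            info["type"] = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            info["server"] = socket.inet_ntoa(value)
        elif code == OPT_DNS and length % 4 == 0:
            info["dns"] = [socket.inet_ntoa(value[j:j + 4]) for j in range(0, length, 4)]
        i += 2 + length
    return info

def audit_replies(payloads, expected_server, expected_dns):
    """Flag OFFER/ACK messages from an unexpected server or carrying unexpected DNS."""
    findings = []
    for p in payloads:
        r = parse_dhcp_reply(p)
        if r["type"] not in (OFFER, ACK):
            continue
        if r["server"] != expected_server or set(r["dns"]) - set(expected_dns):
            findings.append((r["server"], r["dns"]))
    return findings

def build_reply(msg_type, server, dns):          # builds constructed sample input only
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + socket.inet_aton(server)
    opts += bytes([OPT_DNS, 4 * len(dns)]) + b"".join(socket.inet_aton(d) for d in dns)
    return bytes(236) + MAGIC_COOKIE + opts + b"\xff"

# Constructed sample: one offer from the domain controller, one from an assumed gateway address.
SAMPLE = [build_reply(OFFER, "10.1.10.3", ["10.1.10.3"]),
          build_reply(OFFER, "10.1.10.1", ["68.87.75.194", "68.87.64.146"])]
```

Feeding it the UDP payloads of replies sent to port 68 during a client's release/renew shows every server that answers, which the single DHCP server line in `ipconfig /all` does not.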
 
LVL 77

Expert Comment

by:Rob Williams
Do you have a router as well as the Comcast router/modem? If so, and only if you have an additional router, you might want to consider putting it in bridge mode while you are at it. This will assure DHCP and other functions are disabled, and will allow for incoming services if ever you have to configure them, such as web and e-mail hosting on a DMZ or a VPN.
0
 

Author Comment

by:cfitech
We are only using the Comcast router/modem at this time. The other router we used only for troubleshooting purposes and is not in use.

0
