Solved

Why are 90% of my workstations getting the wrong DNS ( 68.87.75.194 & 68.87.64.146) Servers when DHCP Server Only Assigns 10.1.10.3?

Posted on 2006-07-12
12
421 Views
Last Modified: 2008-01-09
I have a client's network that started acting up about 4 weeks ago. Random workstations (clients) at random times would loose their connection to the exchange server and/or the network drives. All clients are Windows XP running up to date CA ITM release 8 and Servers are all Windows 2003 (One PDC, the rest are member servers). Upon deeper investigating, the clients DNS Servers are randomly set to  68.87.75.194 & 68.87.64.146 when my DHCP only assigns 10.1.10.3 (PDC) and no Group Policies are set either. Today I manually set a handful of the clients to 10.1.10.3 to see if that helps. Does anyone know of any spyware, adware, or malware that may hijack the dns settings randomly. Everytime I found a client with the incorrect dns and chose to repair the network connection, it would correct the problem. After rebooting and / or logging out and back in several times, some of them reverted back to the incorrect servers again??? Very random with no repeat patterns.

Thanks,
CFITech

0
Comment
Question by:cfitech
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17095070
68.87.75.194 is a legitimate DNS server owned by Comcast. Is that your ISP?
Make sure you do not have 2 DHCP servers somehow, such as 2 routers and/or a server handing out DHCP etc. Also make sure the server's network adapter does not have that IP listed as a DNS server. The ISP's DNS server should only be listed as a Forwarder in your DNS management console. All network adapters, server and workstations, should only have your internal DNS server listed.
What is your DHCP server ? a server or router? best if the server is set up to hand out DHCP addressing rather than a router, and if so, make sure your DNS server 10.1.10.3 is added to the scope option #006 DNS
0
 

Author Comment

by:cfitech
ID: 17095129
Only have one DHCP. Router's DHCP is definitely turned off. When you look at your IPCONFIG /ALL the correct DHCP server is listed. Trying to eliminate the server as an issue, I turned off DHCP on the Windows 2003 Server and turned it on on a spare router. The clients then got their DHCP assignments from the temp router, but still had the incorrect DNS servers. The server also uses itself as a DNS server. DHCP server is our Windows Server 2003. Looks like I have all setup the way you suggest already. And, yes, Comcast is our ISP.

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17095217
-You mentioned at one point the router was the DHCP server. If the router does not have manual DNS entries added to the DHCP configuration it will hand out the ISP's DNS automatically as a default....just for the record.
-No chance your modem is a combined modem/router and performing DHCP as well? Though ipconfig /all is returning the correct DHCP server so that shouldn't be the case
-you mentioned the server's NIC has your Internal DNS server listed for DNS, but it doesn't also have the ISP, does it?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:cfitech
ID: 17095513
The router was also setup with a manual DNS when we tested it. The comcast supplied modem is an SMC All-in-one Modem / Router, but comcast disabled DCHP per my request when they installed it. My server's NIC is only using my internal DNS. What I can not figure out is how comcast's DNS are getting distributed when thy are nowhere within my network. I have checked, double checked, and triple checked all devices. This is why I was leaning towards some sort of HiJacker???
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17095683
A hiJacker could certainly change your DNS, but unlikely it would affect multiple workstations and what would the benifit to the HiJacker be of having it changed to Comcast. HiJackers have more devious motives.
Very peculiar though.
0
 
LVL 4

Expert Comment

by:mattbcs
ID: 17095916
If it's comcast workplace, log into the gateway they set up, and disable DHCP... then set up DHCP service on your domain controller, and you'll be all set. It sounds like a case of two dhcp servers fighting. (I had the same problem)

Use internal ip's, and use the gateway ip info and dns from comcast in your dhcp settings.

After you do this, (turn off the dhcp feature on the gateway/router/whatevertheycallit) and set up dhcp on the dc...reboot all machines and you will be good to go!

Cheers,
Matt
0
 
LVL 3

Expert Comment

by:Sid6_7
ID: 17097105
You may want to look at your Alternate configurations under your ip setting and make sure nothing is there also.
0
 

Author Comment

by:cfitech
ID: 17101649
I will be returning to the client on Monday. I will try to double check the Comcast router. I guess I shouldn't take Comast's word that they disabled the DHCP.

0
 
LVL 4

Accepted Solution

by:
mattbcs earned 250 total points
ID: 17102541
The comcast techs have very little training in TCP/IP...they are basically experts at pulling coax...
I'd bet you dollars to doughnuts that dhcp is still enabled.

:)

- Matt
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17104966
Do you have a router as well as the Comcast router/modem ? If so, and only if you have an additional router,  you might want to consider putting it in bridge mode while you are at it. This will assure DHCP and other functions are disabled, and will allow for incoming services if ever you have to configure them, such as web and e-mail hosting on a DMZ or a VPN.
0
 

Author Comment

by:cfitech
ID: 17107205
We are only using the Comcast router/modem at this time. the other router we used only for troubleshooting purposes and is not in use.

0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Resolve DNS query failed errors for Exchange
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question