Weird DNS entries for missing Reverse Lookup zones...REPMUB5
I use the Solarwinds IP Mangement tool just to keep an eye on my IP addresses and my DNS server is on a Windows 2003 platform with SP1 installed.
We noticed an unusual naming standard for a machine that was browsing the web the other day so we dispatched our help desk personnel to get that machine and rename it. Well today I went into the Solarwinds tool and noticed that three of my networks had every machine with that weird naming standard I saw several days ago. Let's say that I have a computer that has an IP address of 22.214.171.124 and it's name should be computerA. Well the new name takes on the IP address and renames the computer to repmub5.2052536-48.usmc.mil. In every instance the name has the IP address as part of the name and the old computer name is no longer.
I did some research and found that on my DNS server those three zones did not have a reverse lookup for them. I confirmed that the original computer name was still in the forward lookup zone and resolved properly to the correct IP address when doing an nslookup on the machine name. Every time you did an nslookup on the IP it came back with the example I mentioned above but with the IP address you looked for.
I have no idea how in the world this configuration even got in there and beside the obvious "virus" what could be the problem? It only happened to the zones that were deleted; no other zone has this.