DNS records for web server get changed to invalid ip addresses
Posted on 2007-08-03
The DNS records on our web server (Windows 2003 Std) are somehow changing to point to invalid IP addresses.
Our webserver sits in the DMZ outside our firewall. It connects back into our network through the firewall (Watchguard 1000) to get database information to feed the web sites. The IP setup on the webserver points first to our internal DNS server for it's DNS records (10.x.x.x), then to a public DNS server.
Overnight the last few nights the DNS record for our internal servers is getting changed to point to some public IP address totally unrelated to our company. I need to stop this from happening.
For instance: our local network is 'comany.local' and our external is 'company.com'. When I do a tracert using just the computer name (tracert servername) from the webserver to the database computer it connects to inside our firewall, it normally shows 'tracing route to servername.company.local' and resolves to the IP on our local network (10.x.x.x). Lately though, we come in in the morning and find the connection from the webserver into the db server is not working. A 'tracert servername' results in 'tracing route to servername.company.local' and some public IP address (69.46.x.x) that it starts searching for on the Internet. That ip address resolves to some company I never heard of. Running ipconfig /flushdns and ipconfig /registerdns fixes the issue and the tracert once again resolves to our internal network ip address.
Where and why is the web server picking up the invalid ip address? How do I stop this from happening?