Solved

Intermittent DNS failure on windows 2003 network

Posted on 2008-11-04
Last Modified: 2010-08-05
We are having intermittent DNS failures on our Windows 2003 network.

Every 30 minutes or so it seems some people lose their DNS settings. What is bizarre is that even manually configured DNS machines are going nutty.
Example:

our dns servers are
10.99.70.5
10.99.70.6

Doing "nslookup all" reveals both DNS servers.

However, after a while doing "nslookup all" shows one DNS server with an IP of
192.168.11.1


Running ipconfig /flushdns and /registerdns brings it back.

Now we had VMware installed on one of the DNS servers and I recently uninstalled it.

It should also be noted that the FIRST (FSMO) DNS server is a Virtual machine running on VMware and the second DNS is running on metal.

Nothing I do seems to change this.

Any ideas?
Question by:05fdml
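An added audit example, not part of the original question or of any answer in this thread: it parses a captured `ipconfig /all` dump and flags any DHCP server or DNS server that is not on the admin's allow-list. The sample dump is constructed; 10.99.70.5 and 10.99.70.6 are the DNS servers named in the question, while 10.99.70.1 is an assumed address for the SonicWall that is supposed to be the only DHCP server. The point it adds to the question's own observation is that the `DHCP Server` field records which device issued the lease, which is the fastest lead to a rogue DHCP server on the LAN.

```powershell
# Added example (not from the thread): audit an "ipconfig /all" dump for DHCP or DNS
# servers that are not the ones we expect. 10.99.70.5/.6 are the DNS servers from the
# question; 10.99.70.1 is an ASSUMED address for the firewall acting as DHCP server.
$ExpectedDns  = @('10.99.70.5', '10.99.70.6')
$ExpectedDhcp = @('10.99.70.1')   # assumption: the SonicWall's LAN address

# Constructed sample: the first adapter took a lease from a consumer router that was
# plugged into the LAN (the 192.168.11.1 the question describes); the second is fine.
$SampleIpconfig = @'
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS-SAMPLE-01
   Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Constructed Ethernet Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.11.104
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1
   DHCP Server . . . . . . . . . . . : 192.168.11.1
   DNS Servers . . . . . . . . . . . : 192.168.11.1
   Lease Obtained. . . . . . . . . . : Tuesday, November 04, 2008 9:12:03 AM

Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : Constructed Second Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.99.70.133
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.99.70.1
   DHCP Server . . . . . . . . . . . : 10.99.70.1
   DNS Servers . . . . . . . . . . . : 10.99.70.5
                                       10.99.70.6
'@

function ConvertFrom-IpconfigAll {
    # Turn "ipconfig /all" text into one hashtable per adapter section.
    param([string]$Text)
    $adapters = @()
    $current  = $null
    $lastKey  = $null
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^\S.*:\s*$') {
            # Section header such as "Ethernet adapter Local Area Connection:"
            $current = @{ Name = $line.TrimEnd(':').Trim() }
            $adapters += $current
            $lastKey = $null
        }
        elseif ($current -and $line -match '^\s+(.+?)[ .]*:\s*(.*)$') {
            # "Key . . . : value" line; every value is kept as a list so that
            # multi-line fields such as "DNS Servers" are handled uniformly.
            $lastKey = $Matches[1].Trim()
            $current[$lastKey] = @($Matches[2].Trim())
        }
        elseif ($current -and $lastKey -and $line -match '^\s+(\S.*)$') {
            # Continuation line: an additional value for the previous key.
            $current[$lastKey] += $Matches[1].Trim()
        }
    }
    return $adapters
}

function Test-AdapterLease {
    # Compare one adapter against the allow-lists and return finding strings.
    param([hashtable]$Adapter, [string[]]$AllowedDns, [string[]]$AllowedDhcp)
    $findings = @()
    if ($Adapter['DHCP Enabled'] -contains 'Yes') {
        foreach ($srv in $Adapter['DHCP Server']) {
            if ($AllowedDhcp -notcontains $srv) {
                $findings += "$($Adapter.Name): lease issued by unexpected DHCP server $srv"
            }
        }
    }
    foreach ($dns in $Adapter['DNS Servers']) {
        if ($AllowedDns -notcontains $dns) {
            $findings += "$($Adapter.Name): unexpected DNS server $dns"
        }
    }
    return $findings
}

$report = foreach ($a in ConvertFrom-IpconfigAll -Text $SampleIpconfig) {
    Test-AdapterLease -Adapter $a -AllowedDns $ExpectedDns -AllowedDhcp $ExpectedDhcp
}
if ($report) { $report | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'All adapters use the expected DHCP and DNS servers.' }
```

Against the constructed dump this warns twice for the first adapter (unexpected DHCP server 192.168.11.1 and unexpected DNS server 192.168.11.1) and stays silent for the second. To run it on a real machine, replace `$SampleIpconfig` with `(ipconfig /all | Out-String)`.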
21 Comments
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22880413
Maybe a rogue DNS server on the network..?
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22880417
Do you have another "rogue" DHCP server (in a router or WAP) handing out IP addresses somewhere?
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22880419
Jinx

Author Comment

by:05fdml
ID: 22880864
I thought about that and disabled all the wireless routers/APs in-house.
Is it possible that someone at work connecting to a wireless router that is not in-house, while he is connected to our network via Ethernet, could produce something like what is happening?

 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22880925
Shouldn't. It wouldn't forward the BOOTP packets across the networks unless you set up a DHCP relay agent.

Are all your servers set to static IP addresses? Does the DHCP scope only point to those servers for DNS? Does the DNS server point to itself for name resolution? Perhaps a brief overview of your network would give us a better idea.
 

Author Comment

by:05fdml
ID: 22881128
Upon further review, in the first domain controller the second DNS entry is pointing to the ISP DNS.

The second DNS server points to the .5 (the first DNS server) then to .6 (itself).

That needs to be changed so that it only points to itself and not another DNS server.


But this still doesn't explain the 192.168.11.1 cropping up everywhere...

No DHCP relay agent. Only the firewall, a SonicWall 2040 (Enhanced OS), is running DHCP.



 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22881184
Good finds. That is very odd that the 192.168.11.1 is showing up....
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22881199
Wait, your SonicWall is running DHCP? Why don't you have it installed on one of your servers? What are the options on the DHCP scope on the SonicWall (Router, DNS, etc.)?
 

Author Comment

by:05fdml
ID: 22881365
On the SonicWall the DNS server setting is set to manual and the servers are:

.5 internal DNS
.6 internal DNS
.17 external ISP DNS

The DHCP scope is .51 to .254 with conflict detection enabled.
The DNS/WINS settings on the DHCP are set to inherit dynamically from the SonicWall's DNS settings.

All the servers are below .50.

 

Author Comment

by:05fdml
ID: 22881385
The DHCP settings were inherited. We used to be running DD-WRT, which was running the DHCP, and so we transferred it over to the SonicWall when we installed it.

That is why this is so weird. It all started last Friday. Before then it was fine....

 

Author Comment

by:05fdml
ID: 22881393
The DHCP lease times are set to 1440 minutes.
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22881397
Yeah, you do NOT want your clients having the ISP's DNS in their list of DNS servers.

You want all DNS requests to exclusively go through your AD integrated DNS servers. Then your DNS servers should be set to forward all requests that they aren't authoritative for to the ISP's servers.
 

Author Comment

by:05fdml
ID: 22881513

Yeah, the forwarders on both DNS servers point to the external (now both external) ISP DNS servers.

Yeah, that is what I am battling now: some people have decided to enter in the external DNS server IP so they can get to the internet... the bad part is they still are having issues as well. I just don't get why the 19x.xxx.xxx.xxx

 
LVL 14

Accepted Solution

by:
dfxdeimos earned 2000 total points
ID: 22881547
Well, I would start with the cleanup first and see if that eliminates these odd IP addresses that you are seeing.

How are they entering the IP addresses on their own? They shouldn't have permission to modify their own IP settings, and even if they do how do they know the right IP address to put it to?

You have internet access blocked off?
 

Author Comment

by:05fdml
ID: 22881636
Short answer is, there is an onsite IT guy and I am the IT consultant. Not a pretty way to do IT, I know.

They use me to set up the servers, network, etc. and the other guy for day to day things...

He does not have access to change server settings but can change user settings at will.

 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22881679
Tell him to quit messing with sh!7 otherwise you are going to b!7chslap him. =]
 
LVL 14

Assisted Solution

by:dfxdeimos
dfxdeimos earned 2000 total points
ID: 22881718
But seriously, if this were my network I would restructure the DHCP infrastructure to run on one of the Windows Servers. That will give you more granular control of everything.

You can authorize the server in AD and prevent any "rogue" servers on the domain from handing out IP addresses.

I would then push out a logon script / GPO that reverts the IP settings of the Workstation computers back to what YOU know they should be every time they reboot.

He who controls the servers controls the domain... MWAHAHAHAHAHAHAHA ::cough::
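An added example of the logon/startup script idea in the comment above; it is not code from the thread or from any participant. It reads each IP-enabled adapter through WMI (`Win32_NetworkAdapterConfiguration`, which is what the Windows 2003-era clients in this question expose), logs any DNS list that differs from the expected one together with the DHCP server that issued the lease, and unless run with `-ReportOnly` puts the list back to the known-good servers. The DNS addresses 10.99.70.5 and 10.99.70.6 come from the question; the log path and the use of PowerShell on the clients are assumptions.

```powershell
# Added example (not from the thread): startup/logon script that puts each active
# adapter's DNS server list back to the values the admin knows are correct and logs
# what had drifted. 10.99.70.5/.6 come from the question; the log path is assumed.
param(
    [string[]]$ExpectedDns = @('10.99.70.5', '10.99.70.6'),
    [string]  $LogPath     = (Join-Path $env:TEMP 'dns-enforce.log'),  # assumed location
    [switch]  $ReportOnly                                               # audit only, change nothing
)

function Write-Log {
    param([string]$Message)
    $line = '{0:s} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogPath -Value $line
    Write-Verbose $line
}

# Win32_NetworkAdapterConfiguration is reachable through WMI on Windows 2003/XP-era
# clients, so it is used here rather than the newer DnsClient cmdlets.
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($nic in $adapters) {
    $current = @($nic.DNSServerSearchOrder)

    # Order-sensitive comparison: the list must be exactly what we push out.
    if (($current -join ',') -eq ($ExpectedDns -join ',')) { continue }

    # Anything outside the expected set points at a rogue DHCP server or a hand-edited
    # client; DHCPServer records who issued the lease, which is the lead to follow.
    $unexpected = @($current | Where-Object { $ExpectedDns -notcontains $_ })
    Write-Log ('{0}: DNS list was [{1}] from DHCP server {2}; unexpected entries [{3}]' -f
        $nic.Description, ($current -join ','), $nic.DHCPServer, ($unexpected -join ','))

    if ($ReportOnly) { continue }

    # SetDNSServerSearchOrder is the WMI method behind "netsh interface ip set dns";
    # ReturnValue 0 means the change was applied.
    $result = $nic.SetDNSServerSearchOrder($ExpectedDns)
    if ($result.ReturnValue -eq 0) {
        Write-Log ('{0}: DNS list reset to [{1}]' -f $nic.Description, ($ExpectedDns -join ','))
    } else {
        Write-Log ('{0}: SetDNSServerSearchOrder failed with code {1}' -f $nic.Description, $result.ReturnValue)
    }
}
```

Deploy it as a computer startup script so it runs as SYSTEM before any user can hand-edit the adapter, and run it with `-ReportOnly` for a day first: the log then shows which clients are drifting and which DHCP server address they took the lease from, which is exactly the rogue-server evidence this thread was hunting for.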
 

Author Comment

by:05fdml
ID: 22882124
Interesting development. Apparently a few users are using their iPhones at work while they are connected to their computers (only to charge them, though, they tell me).

So I am wondering if there is something to that?

 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22886629
An iPhone connected to the network via USB won't have this effect...
 

Expert Comment

by:touchstar-brady
ID: 22892873
The best solution is to put pot in the IT guy's lunch box, and call the boss over.  Or the power supply of his computer.  

You said manually configuring the clients does the same thing though, right? I think that something is poisoning the DNS cache on one of the DNS servers. DNS servers can cache query responses.
If possible, try dropping one of those DNS servers off the network, flushing DNS settings on a client that you know has had that issue, and see if you see the same thing. Get the same thing, drop the other one.

You are running anti-virus software on these machines, and keeping them up to date, right? I don't have to go down that road, right? (please say no, please say no, please say no)

Also, you can check your switch if it's an L3 switch (depends on the switch's firmware, etc. etc.) for any hosts that are on that network. Another thing that you can try is to set your machine on the 192.168.x.x and use something like Angry IP scanner to suss out the rogue machine.

And for f$ck sake use the Windows DHCP services man.  Just do it.

Hope this helps.    

 

Author Closing Comment

by:05fdml
ID: 31513274
I'm giving the points cause you were first with the helpful hints, etc.

I went to the site and in 10 minutes found out what happened. Someone turned on and plugged in a wireless router they found at the site. Turns out the guy there did not check very thoroughly for what I asked him to check for....

I yanked the router, and when people come in they will ipconfig /flushdns and /registerdns
and all should be happy and fine.

Thanks again for the help
