Intermittent DNS failure on Windows 2003 network

We are having intermittent DNS failures on our Windows 2003 network.

Every 30 minutes or so it seems some people lose their DNS settings. What is bizarre is that even manually configured DNS machines are going nutty.
Example:

Our DNS servers are
10.99.70.5
10.99.70.6

Doing "nslookup all" reveals both DNS servers.

However, after a while doing "nslookup all" shows one DNS server with an IP of
192.168.11.1


Running ipconfig /flushdns and /registerdns brings it back.

Now we had VMware installed on one of the DNS servers and I recently uninstalled it.

It should also be noted that the FIRST (FSMO) DNS server is a Virtual machine running on VMware and the second DNS is running on metal.

Nothing I do seems to change this.

Any ideas?
05fdml asked:

JohnGerhardt commented:
Maybe a rogue DNS server on the network..?
dfxdeimos commented:
Do you have another "rogue" DHCP server (in a router or WAP) handing out IP addresses somewhere?
dfxdeimos commented:
Jinx
05fdml (author) commented:
I thought about that and disabled all the wireless routers/APs in-house.
Is it possible that someone at work connecting to a wireless router that is not in-house, while he is connected to our network via Ethernet, could produce something like what is happening?

dfxdeimos commented:
Shouldn't. It wouldn't forward the BOOTP packets across the networks unless you set up a DHCP relay agent.

Are all your servers set to static IP addresses? Does the DHCP scope only point to those servers for DNS? Does the DNS server point to itself for name resolution? Perhaps a brief overview of your network would give us a better idea.
05fdml (author) commented:
Upon further review, on the first domain controller the second DNS entry is pointing to the ISP DNS.

The second DNS server points to .5 (the first DNS server) then to .6 (itself).

That needs to be changed so that it only points to itself and not another DNS server.

But this still doesn't explain the 192.168.11.1 cropping up everywhere...

No DHCP relay agent. Only the firewall, a SonicWall 2040 (Enhanced OS), is running DHCP.

dfxdeimos commented:
Good finds. It is very odd that 192.168.11.1 is showing up....

dfxdeimos commented:
Wait, your SonicWall is running DHCP? Why don't you have it installed on one of your servers? What are the options on the DHCP scope on the SonicWall (Router, DNS, etc.)?
05fdml (author) commented:
On the SonicWall the DNS server setting is set to manual and the servers are:

.5 internal DNS
.6 internal DNS
.17 external ISP DNS

The DHCP scope is .51 to .254 with conflict detection enabled.
The DNS/WINS settings on the DHCP server are set to inherit dynamically from the SonicWall's DNS settings.

All the servers are below .50.

05fdml (author) commented:
The DHCP settings were inherited. We used to be running DD-WRT, which was running the DHCP, and so we transferred it over to the SonicWall when we installed it.

That is why this is so weird. It all started last Friday. Before then it was fine....

05fdml (author) commented:
The DHCP lease times are set to 1440 minutes.

dfxdeimos commented:
Yeah, you do NOT want your clients having the ISP's DNS in their list of DNS servers.

You want all DNS requests to go exclusively through your AD-integrated DNS servers. Then your DNS servers should be set to forward all requests that they aren't authoritative for to the ISP's servers.
05fdml (author) commented:
Yeah, the forwarders on both DNS servers point to the external (now both external) ISP DNS servers.

Yeah, that is what I am battling now: some people have decided to enter the external DNS server IP so they can get to the internet... The bad part is they are still having issues as well. I just don't get why the 19x.xxx.xxx.xxx

dfxdeimos commented:
Well, I would start with the cleanup first and see if that eliminates these odd IP addresses that you are seeing.

How are they entering the IP addresses on their own? They shouldn't have permission to modify their own IP settings, and even if they do how do they know the right IP address to put it to?

You have internet access blocked off?

05fdml (author) commented:
Short answer is, there is an onsite IT guy and I am the IT consultant. Not a pretty way to do IT, I know.

They use me to set up the servers, network, etc. and the other guy for day to day things...

He does not have access to change server settings but can change user settings at will.

dfxdeimos commented:
Tell him to quit messing with sh!7 otherwise you are going to b!7chslap him. =]
dfxdeimos commented:
But seriously, if this were my network I would restructure the DHCP infrastructure to run on one of the Windows Servers. That will give you more granular control of everything.

You can authorize the server in AD and prevent any "rogue" servers on the domain from handing out IP addresses.

I would then push out a logon script / GPO that reverts the IP settings of the Workstation computers back to what YOU know they should be every time they reboot.

He who controls the servers controls the domain... MWAHAHAHAHAHAHAHA ::cough::
05fdml (author) commented:
Interesting development. Apparently a few users are using their iPhones at work while they are connected to their computers (only to charge them, though, they tell me).

So I am wondering if there is something to that?

JohnGerhardt commented:
An iPhone connected to the network via USB won't have this effect...
touchstar-brady commented:
The best solution is to put pot in the IT guy's lunch box, and call the boss over.  Or the power supply of his computer.  

You said manually configuring the clients does the same thing though, right?  I think that something is poisoning the DNS cache on one of the DNS servers.  DNS servers can cache query responses.  
If possible, try dropping one of those DNS servers off the network, flushing DNS settings on a client that you know has had that issue, and see if you see the same thing.  If you get the same thing, drop the other one.  

You are running anti-virus software on these machines, and keeping them up to date, right?  I don't have to go down that road, right?  (please say no, please say no, please say no)

Also, you can check your switch, if it's an L3 switch (depends on the switch's firmware, etc.), for any hosts that are on that network.  Another thing that you can try is to put your machine on the 192.168.x.x network and use something like Angry IP Scanner to suss out the rogue machine.  

And for f$ck sake use the Windows DHCP services man.  Just do it.

Hope this helps.    

05fdml (author) commented:
I'm giving the points because you were first with the helpful hints, etc.

I went to the site and in 10 minutes found out what happened. Someone turned on and plugged in a wireless router they found at the site. Turns out the guy there did not check very thoroughly for what I asked him to check for....

I yanked the router, and when people come in they will run ipconfig /flushdns and /registerdns, and all should be happy and fine.

Thanks again for the help
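The root cause of this thread was a consumer wireless router plugged into the wired LAN, answering DHCP and handing out itself (192.168.11.1) as the DNS server. The following is an added example, not code posted by anyone in this thread: a small rogue-DHCP probe that broadcasts one DHCPDISCOVER, collects every DHCPOFFER that comes back, and flags any offer whose server identifier (option 54) is not an authorized DHCP server or whose DNS list (option 6) contains addresses other than the internal DNS servers. Two things are assumptions made for the example: the SonicWall's LAN address 10.99.70.1 (the thread only names the DNS servers .5 and .6, never the firewall's own IP), and the offer packets produced by build_offer(), which are constructed fixtures shaped like what the rogue router would have answered with.

```python
# Rogue DHCP probe: added example for this thread, not any poster's code. Assumed: SonicWall
# LAN address 10.99.70.1; build_offer() makes constructed fixture packets for offline testing.
import random
import socket
import struct
from typing import Dict, List, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"                    # RFC 2132 magic cookie after the BOOTP header
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"             # 236-byte fixed BOOTP header

def build_discover(mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER with the broadcast flag set so the OFFER reaches an unconfigured host."""
    zero4 = b"\0" * 4
    hdr = struct.pack(BOOTP_HDR, 1, 1, 6, 0, xid, 0, 0x8000, zero4, zero4, zero4, zero4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    params = bytes([OPT_ROUTER, OPT_DNS, OPT_SERVER_ID])     # option 55: parameter request list
    return (hdr + DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
            + bytes([55, len(params)]) + params + bytes([OPT_END]))

def build_offer(xid: int, server_ip: str, offered_ip: str, routers: List[str], dns: List[str]) -> bytes:
    """Constructed DHCPOFFER fixture: the shape of what a rogue router answers a DISCOVER with."""
    aton, zero4 = socket.inet_aton, b"\0" * 4
    hdr = struct.pack(BOOTP_HDR, 2, 1, 6, 0, xid, 0, 0x8000, zero4, aton(offered_ip),
                      aton(server_ip), zero4, b"\0" * 16, b"\0" * 64, b"\0" * 128)
    def tlv(code: int, value: bytes) -> bytes:
        return bytes([code, len(value)]) + value
    return (hdr + DHCP_MAGIC + tlv(OPT_MSG_TYPE, bytes([DHCPOFFER])) + tlv(OPT_SERVER_ID, aton(server_ip))
            + tlv(OPT_ROUTER, b"".join(map(aton, routers))) + tlv(OPT_DNS, b"".join(map(aton, dns)))
            + bytes([OPT_END]))

def parse_options(payload: bytes) -> Dict[int, bytes]:
    """TLV walk over the option area; stops cleanly on END or on a truncated option."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END or i + 1 >= len(payload):
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                   # truncated option: do not trust the rest
        opts[code] = value
        i += 2 + length
    return opts

def ip_list(raw: bytes) -> List[str]:
    """Decode a list-of-IPv4 option value (options 3 and 6), ignoring a trailing partial address."""
    return [socket.inet_ntoa(raw[k:k + 4]) for k in range(0, len(raw) - len(raw) % 4, 4)]

def parse_offer(packet: bytes, expect_xid: Optional[int] = None) -> Optional[dict]:
    """Summarise a DHCPOFFER; None for anything else (too short, wrong op, wrong xid, not an OFFER)."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        return None
    op, _, _, _, xid = struct.unpack("!BBBBI", packet[:8])
    if op != 2 or (expect_xid is not None and xid != expect_xid):
        return None
    opts = parse_options(packet[240:])
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None
    server = opts.get(OPT_SERVER_ID, b"")
    return {"xid": xid,
            "offered_ip": socket.inet_ntoa(packet[16:20]),            # yiaddr
            "server_id": socket.inet_ntoa(server) if len(server) == 4 else None,
            "routers": ip_list(opts.get(OPT_ROUTER, b"")),
            "dns": ip_list(opts.get(OPT_DNS, b""))}

def audit_offers(offers: List[dict], authorized_dhcp, authorized_dns) -> List[tuple]:
    """(server, offered_ip, reasons) for each offer from an unknown server or pushing unknown DNS."""
    findings = []
    for o in offers:
        reasons = []
        if o["server_id"] not in authorized_dhcp:
            reasons.append(f"unauthorized DHCP server {o['server_id']}")
        bad_dns = [d for d in o["dns"] if d not in authorized_dns]
        if bad_dns:
            reasons.append(f"pushes DNS servers {bad_dns}")
        if reasons:
            findings.append((o["server_id"], o["offered_ip"], reasons))
    return findings

def probe(timeout: float = 3.0) -> List[dict]:
    """Live probe (needs UDP/68, i.e. root/admin): one DISCOVER, collect every OFFER, never REQUEST."""
    xid = random.getrandbits(32)
    mac = bytes([0x02]) + bytes(random.getrandbits(8) for _ in range(5))   # locally administered MAC
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    s.bind(("", 68))
    s.settimeout(timeout)
    offers = []
    try:
        s.sendto(build_discover(mac, xid), ("255.255.255.255", 67))
        while True:
            data, _ = s.recvfrom(4096)
            o = parse_offer(data, xid)
            if o:
                offers.append(o)
    except socket.timeout:
        pass
    finally:
        s.close()
    return offers

if __name__ == "__main__":
    AUTHORIZED_DHCP = {"10.99.70.1"}                  # assumed SonicWall LAN address
    AUTHORIZED_DNS = {"10.99.70.5", "10.99.70.6"}     # the internal DNS servers named in the thread
    for server, ip, why in audit_offers(probe(), AUTHORIZED_DHCP, AUTHORIZED_DNS):
        print(f"ROGUE? server={server} offered={ip}: {'; '.join(why)}")
```

Run it as root/administrator from a wired host on the LAN; on a healthy network only the SonicWall answers, and a second OFFER (here one from 192.168.11.1 handing out 192.168.11.x addresses and itself as DNS) is the rogue. Because it never sends a DHCPREQUEST, no lease is consumed. Note that AD DHCP authorization, suggested earlier in the thread, only stops Windows DHCP servers from starting unauthorized; a consumer router ignores it entirely, so the switch-side control is DHCP snooping (blocking DHCP server replies on access ports), and this probe is how you verify it.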