Avatar of FLVS_407
Flag for United States of America asked on

DNS Zone keeps populating with 192.168.x.x IP's

Hey guys,
I noticed on my domain dns zone I keep having machines populated with IP's of 192.168.1.x, hundreds of them. At our office we all have laptops that we take home and bring in to the office (we have no desktops at the office for employees). We don't use 192.168.x.x at all anywhere on our network we use 10.x.x.x. subnets. Why am I seeing tons of HOST A records for users laptops with 192 addresses? I delete them and new ones come back!

How can I prevent this from being populated in my dns forward lookup zone?
Windows Server 2003DNS

Avatar of undefined
Last Comment
Keith Alabaster

8/22/2022 - Mon
Andrew Porter

Open, unencrypted wireless network?

You must have a dhcp server with a scope to release 192.168.x.x ip addresses, a rouge dhcp server
This could be a server, router, wireless device - http://en.wikipedia.org/wiki/Rogue_DHCP
Try this tool

We have wireless networks but they serve up 10.x.x.x. addresses.
We only have one DHCP server same thing only 10.x.x.x. addresses.
Our company has never used 192.168.x.x ever for anything on our network.
Going to check out that tool.
Your help has saved me hundreds of hours of internet surfing.

That tool did not find anything unusual.
If a user takes their laptop home, plugs in into their network and grabs a 192.168 IP from their home network and then comes back to our office and connects the laptop to our network is it somehow transferring that 192.168 ip to our dns server?
Keith Alabaster

No - it should not transfer. Even if the user brought back a machine that had a static ip on the 192.168.x.y network, it still should not work as it would not be able to communicate with anything as you say nothing else uses that subnet. it certainly would not account for '100's of them'.

What about VPN's - do you allow vpn access?
Might be worth using wireshark or Microsofts net monitor 3.2 to see where this traffic is coming from.
Additionally, if you have managed switches, you could review the traffic using a mirror or span port and tracing the MAC addresses of the machines that issue the 192.168.x.y call.


View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Keith Alabaster

Could be that. In each of the nic settings, there is an option for each nic to register with the dns - just untick it for the wireless card but i think you will have to get each user to do it.....
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.