asked on DNS Zone keeps populating with 192.168.x.x IP's
Hey guys,
I noticed on my domain dns zone I keep having machines populated with IP's of 192.168.1.x, hundreds of them. At our office we all have laptops that we take home and bring in to the office (we have no desktops at the office for employees). We don't use 192.168.x.x at all anywhere on our network we use 10.x.x.x. subnets. Why am I seeing tons of HOST A records for users laptops with 192 addresses? I delete them and new ones come back!
How can I prevent this from being populated in my dns forward lookup zone?
I noticed on my domain dns zone I keep having machines populated with IP's of 192.168.1.x, hundreds of them. At our office we all have laptops that we take home and bring in to the office (we have no desktops at the office for employees). We don't use 192.168.x.x at all anywhere on our network we use 10.x.x.x. subnets. Why am I seeing tons of HOST A records for users laptops with 192 addresses? I delete them and new ones come back!
How can I prevent this from being populated in my dns forward lookup zone?
Windows Server 2003DNS
Last Comment
Keith Alabaster
Open, unencrypted wireless network?
You must have a dhcp server with a scope to release 192.168.x.x ip addresses, a rouge dhcp server
This could be a server, router, wireless device - http://en.wikipedia.org/wiki/Rogue_DHCP
Try this tool
http://technet.microsoft.com/en-us/library/cc759117.aspx
This could be a server, router, wireless device - http://en.wikipedia.org/wiki/Rogue_DHCP
Try this tool
http://technet.microsoft.com/en-us/library/cc759117.aspx
ASKER
We have wireless networks but they serve up 10.x.x.x. addresses.
We only have one DHCP server same thing only 10.x.x.x. addresses.
Our company has never used 192.168.x.x ever for anything on our network.
Going to check out that tool.
We only have one DHCP server same thing only 10.x.x.x. addresses.
Our company has never used 192.168.x.x ever for anything on our network.
Going to check out that tool.
ASKER
That tool did not find anything unusual.
If a user takes their laptop home, plugs in into their network and grabs a 192.168 IP from their home network and then comes back to our office and connects the laptop to our network is it somehow transferring that 192.168 ip to our dns server?
If a user takes their laptop home, plugs in into their network and grabs a 192.168 IP from their home network and then comes back to our office and connects the laptop to our network is it somehow transferring that 192.168 ip to our dns server?
No - it should not transfer. Even if the user brought back a machine that had a static ip on the 192.168.x.y network, it still should not work as it would not be able to communicate with anything as you say nothing else uses that subnet. it certainly would not account for '100's of them'.
What about VPN's - do you allow vpn access?
Might be worth using wireshark or Microsofts net monitor 3.2 to see where this traffic is coming from.
Additionally, if you have managed switches, you could review the traffic using a mirror or span port and tracing the MAC addresses of the machines that issue the 192.168.x.y call.
What about VPN's - do you allow vpn access?
Might be worth using wireshark or Microsofts net monitor 3.2 to see where this traffic is coming from.
Additionally, if you have managed switches, you could review the traffic using a mirror or span port and tracing the MAC addresses of the machines that issue the 192.168.x.y call.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Could be that. In each of the nic settings, there is an option for each nic to register with the dns - just untick it for the wireless card but i think you will have to get each user to do it.....