Wrong DNS entry in IPCONFIG /ALL
Hello,
I have a domain setup and when I run ipconfig /all I see a list of all my dns servers that my router has listed. The problem is, one of the IP addresses is incorrect and its not listed in my router, or DNS server anywhere. I talked to my ISP and its not one of their servers either.
I've cleared the DNS cache, restarted the DNS servers, cleared DNS cache off of the client pc and updated DNS, I'm still getting this 'ghost' dns IP. The IP isn't pingable, NSlookup doesn't show it, I'm not sure where it came from.
IS there anywhere else it could pull this IP from? We use DHCP and it shows on every machine in my domain, I just can't find this IP address anywhere.
I have a domain setup and when I run ipconfig /all I see a list of all my dns servers that my router has listed. The problem is, one of the IP addresses is incorrect and its not listed in my router, or DNS server anywhere. I talked to my ISP and its not one of their servers either.
I've cleared the DNS cache, restarted the DNS servers, cleared DNS cache off of the client pc and updated DNS, I'm still getting this 'ghost' dns IP. The IP isn't pingable, NSlookup doesn't show it, I'm not sure where it came from.
IS there anywhere else it could pull this IP from? We use DHCP and it shows on every machine in my domain, I just can't find this IP address anywhere.
if you are running a windows domain do you have windows dhcp service running? if so is this setting in yous scope options?
Does this machine have a virus/spyware on it? I know malware sometimes hijacks dns, maybe some process keeps adding this dns server. Since it's not one of your or one of your ISP's, can you post the IP here? Plug it into google, I'm sure someone else has run into this.
ASKER
Hello,
We are running DHCP, but I don't see that IP anywhere listed under the scope, in the pool, or leases. There isn't a reservation setup for it either.
The server has updated virus scan and is fully patched.. I've ran a few different spyware/free online virus scans as well just to make sure. Its reported back clean so I don't think its a virus. However, this is a possibility still.
The IP address is only 1 digit off. To me it looks like a typo, since there a .123 instead of .128, I just can't find it anywhere in my router or servers.
We are running DHCP, but I don't see that IP anywhere listed under the scope, in the pool, or leases. There isn't a reservation setup for it either.
The server has updated virus scan and is fully patched.. I've ran a few different spyware/free online virus scans as well just to make sure. Its reported back clean so I don't think its a virus. However, this is a possibility still.
The IP address is only 1 digit off. To me it looks like a typo, since there a .123 instead of .128, I just can't find it anywhere in my router or servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It was showing on all of my machines, and looks like it was showing under scope options. I must of just looked over it the last time I checked. Thanks a ton!