Solved

DNS server returns unknown IP address

Posted on 2009-05-05
6
1,130 Views
Last Modified: 2012-05-06
Starting this morning, our file server was giving very slow response time when the user tries to open a folder on the server. It takes anywhere from 45s to 65s to open the shared folder. But once the shared folder is opened, moving around within the shared folder is very fast (less than 2 sec).

When we ping, the DNS replies with an unknown IP address as the server, i.e. server IP should be 10.0.0.2 but ping <server name> says it is 10.0.0.7. We do not know where the IP of 10.0.0.7 comes from. We have tried shutting down all routers, switches, servers in case the 10.0.0.7 was cached somewhere but apparently it did not help.

Any suggestions anyone?

Question by:artradis
6 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 75 total points
ID: 24303808
Is it really the DNS which gives you that address? Did you check with 'nslookup'?
Could be an entry in the local 'hosts' file!  
 
0
 
LVL 11

Assisted Solution

by:manav08
manav08 earned 175 total points
ID: 24303892
Sounds like it is the case of a ROGUE DHCP SERVER on the network. An infected PC might be acting like a ROGUE DHCP and disguising itself to act as DNS Server and DHCP Server even when the actual IP you see is that of the server. I have seen this happen before. It is important to detect and isolate the infected machine.
Here is the procedure - http://www.experts-exchange.com/Microsoft/Server_Applications/Q_24163597.html?sfQueryTermInfo=1+10+63.243.173.162+64.86.133.51
0
 
LVL 11

Assisted Solution

by:manav08
manav08 earned 175 total points
ID: 24303903
Basically you will have to use the dhcploc tool to detect the ROGUE DHCP Server if any... If any problems using the tool, kindly ask..
0
 

Author Comment

by:artradis
ID: 24304860
Hi all, Thanks for the comment.

1. No, it was not the local hosts file. However, we encountered this before and the only way to resolve it was to shut down the PC, then pull the power plug (i.e. total no power to PC).

2. I ran "dhcploc 10.0.0.27 10.0.0.6" and pressed "d" (for discovery) several times, but nothing seems to happen at all. We only have one DHCP server on our LAN; all our PCs are static IP.

Any other suggestions welcomed. Thanks.
0
 

Assisted Solution

by:sj_saravanan
sj_saravanan earned 100 total points
ID: 24333333
Is the IP address static or a DHCP-provided IP? If it is static, check the primary DNS and secondary DNS entries in the TCP/IP properties, and use the ipconfig /flushdns and ipconfig /registerdns commands.
If it is a DHCP IP, try to renew the IP address with ipconfig /renew, and check your DNS server; there may be one or more records created for the same IP address.
0
 
LVL 1

Accepted Solution

by:Icontech
Icontech earned 150 total points
ID: 24333675
Hi,
1. Use NS Lookup and verify the DNS server.
2. Connect via any remote desktop tool to the IP 10.0.0.7, which by mismatch is showing as a DNS server.
3. Check the NS record in the DNS server, whether the IP and the server name are correct or not.
4. Are you able to ping 10.0.0.2 (your actual DNS server)? If yes, connect to the server remotely and check the DNS Management (primary zone, NS record, etc.).
5. Without authorizing, there cannot be a DHCP server activated (rogue DHCP server). If there is any authorized additional DHCP server in your network, check and verify using the dhcploc.exe tool and remove the same from the network.

-Thanks
PREMKUMAR
0
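
The check raised in the answers above (does the unexpected address come from the DNS server, the local hosts file, or somewhere else?) as an added Python example, not code from any poster in this thread. The function names, host names and sample `nslookup` output are constructed for illustration; the addresses follow the question.

```python
import ipaddress
import re

def hosts_entries(hosts_text, name):
    """Return IPs that a hosts file maps to `name` (comments and blanks ignored)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            found.append(fields[0])
    return found

def nslookup_answers(output):
    """Return (dns_server_ip, [answer_ips]) from Windows-style nslookup output (IPv4)."""
    server, answers, in_answer = None, [], False
    for line in output.splitlines():
        if line.startswith("Name:"):
            in_answer = True              # addresses after this line are the answer
        for token in re.split(r"[\s,]+", line.split(":", 1)[-1].strip()):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue                  # label or host name, not an address
            if in_answer:
                answers.append(ip)
            elif server is None:
                server = ip               # first address is the server that answered
    return server, answers

def diagnose(name, expected_ip, pinged_ip, hosts_text, nslookup_output):
    """Name the resolution source most likely responsible for `pinged_ip`."""
    if pinged_ip == expected_ip:
        return "ok: resolver returns the expected address"
    if pinged_ip in hosts_entries(hosts_text, name):
        return "hosts: local hosts file overrides DNS"
    server, answers = nslookup_answers(nslookup_output)
    if pinged_ip in answers:
        kind = "duplicate A records" if expected_ip in answers else "a wrong A record"
        return f"dns: server {server} holds {kind} for {name}"
    return "other: DNS answer is clean; check the client DNS cache and NetBIOS/WINS"

# Constructed sample data: placeholder names, addresses taken from the question.
HOSTS = "127.0.0.1 localhost\n# 10.0.0.7 fileserver   (commented out)\n"
NSLOOKUP = ("Server:  dc01.example.local\nAddress:  10.0.0.2\n\n"
            "Name:    fileserver.example.local\nAddresses:  10.0.0.2\n\t  10.0.0.7\n")

if __name__ == "__main__":
    print(diagnose("fileserver", "10.0.0.2", "10.0.0.7", HOSTS, NSLOOKUP))
```

The server address reported by `nslookup` is also worth comparing with the DNS server the client is supposed to use, since a client pointed at a different resolver would show up there first.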

Question has a verified solution.