Solved

DNS server returns unknown IP address

Posted on 2009-05-05
Last Modified: 2012-05-06
Starting this morning, our file server was giving very slow response time when the user tries to open a folder on the server. It takes anywhere from 45s to 65s to open the shared folder. But once the shared folder is opened, moving around within the shared folder is very fast (less than 2 sec).

When we ping, the DNS replies with an unknown IP address as the server, i.e. the server IP should be 10.0.0.2 but ping <server name> says it is 10.0.0.7. We do not know where the IP of 10.0.0.7 comes from. We have tried shutting down all routers, switches, servers in case the 10.0.0.7 was cached somewhere but apparently it did not help.

Any suggestions anyone?

0
Question by:artradis
6 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 225 total points
ID: 24303808
Is it really the DNS which gives you that address? Did you check with 'nslookup'?
Could be an entry in the local 'hosts' file!  
 
0
 
LVL 11

Assisted Solution

by:manav08
manav08 earned 525 total points
ID: 24303892
Sounds like it is the case of a ROGUE DHCP SERVER on the network. An infected PC might be acting like a ROGUE DHCP and disguising itself to act as DNS Server and DHCP Server even when the actual IP you see is that of the server. I have seen this happen before. It is important to detect and isolate the infected machine.
Here is the procedure - http://www.experts-exchange.com/Microsoft/Server_Applications/Q_24163597.html?sfQueryTermInfo=1+10+63.243.173.162+64.86.133.51
0
 
LVL 11

Assisted Solution

by:manav08
manav08 earned 525 total points
ID: 24303903
Basically you will have to use the dhcploc tool to detect the ROGUE DHCP Server if any... If any problems using the tool, kindly ask..
0
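The kind of check a rogue-DHCP hunt relies on, as an added example that is not part of the thread or any poster's code: parse DHCPOFFER replies and flag any whose server identifier is not on the authorized list, or whose DNS option points somewhere unexpected. The authorized DHCP server (10.0.0.6), the expected DNS server (10.0.0.2), the client address 10.0.0.50 and the offer naming 10.0.0.7 are assumptions and constructed sample data; capturing live offers is left out.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, DHCPOFFER = 6, 53, 54, 2

def parse_options(pkt):
    """Return {option code: raw value} from a DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def to_ips(raw):
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def check_offer(pkt, authorized_dhcp, expected_dns):
    """Findings for one DHCPOFFER; an empty list means nothing unexpected."""
    opts = parse_options(pkt)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return []
    server = (to_ips(opts.get(OPT_SERVER_ID, b"")) or ["unknown"])[0]
    findings = []
    if server not in authorized_dhcp:
        findings.append(f"unauthorized DHCP server {server}")
    for dns in to_ips(opts.get(OPT_DNS, b"")):
        if dns not in expected_dns:
            findings.append(f"{server} hands out unexpected DNS server {dns}")
    return findings

def make_offer(server_id, dns_servers):
    """Build a constructed DHCPOFFER for the demo (sample data, not a capture)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton("10.0.0.50"),
                         socket.inet_aton(server_id), bytes(4), bytes(16), bytes(64), bytes(128))
    dns = b"".join(socket.inet_aton(d) for d in dns_servers)
    return (header + MAGIC + bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4])
            + socket.inet_aton(server_id) + bytes([OPT_DNS, len(dns)]) + dns + b"\xff")

if __name__ == "__main__":
    for offer in (make_offer("10.0.0.6", ["10.0.0.2"]), make_offer("10.0.0.7", ["10.0.0.7"])):
        print(check_offer(offer, {"10.0.0.6"}, {"10.0.0.2"}) or "offer matches expectations")
```
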

Author Comment

by:artradis
ID: 24304860
Hi all, Thanks for the comment.

1. No, it was not the local hosts file. However, previously we encountered this before and the only way to resolve it was to shut down the PC then pull the power plug (i.e. total no power to PC).

2. I ran "dhcploc 10.0.0.27 10.0.0.6" and pressed "d" (for discovery) several times, but nothing seems to happen at all. We only have one DHCP server on our LAN, all our PCs are Static IP.

Any other suggestions welcomed. Thanks.
0
 

Assisted Solution

by:sj_saravanan
sj_saravanan earned 300 total points
ID: 24333333
Is the IP address static or a DHCP-provided IP? If it is static, check the primary DNS and secondary DNS entries in the TCP/IP properties, and use the ipconfig /flushdns and ipconfig /registerdns commands.
If it is a DHCP IP, try to renew the IP address with ipconfig /renew, and check your DNS server; there may be one or more records created with the same IP address.
0
 
LVL 1

Accepted Solution

by:
Icontech earned 450 total points
ID: 24333675
Hi,
1. Use NS Lookup and verify the DNS server.
2. Connect to the 10.0.0.7 IP, which by mismatch is showing as a DNS server, via any remote desktop tool.
3. Check the NS record in the DNS server, whether the IP and the server name are correct or not.
4. Are you able to ping 10.0.0.2 (your actual DNS server)? If yes, connect to the server remotely and check the DNS Management (Primary Zone, NS Record, etc.).
5. Without authorizing, there cannot be a DHCP server activated (rogue DHCP server). If there is any authorized additional DHCP server in your network, check and verify using the dhcploc.exe tool and remove the same from the network.

-Thanks
PREMKUMAR
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question