Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

DNS server returns unknown IP address

Posted on 2009-05-05
6
1,154 Views
Last Modified: 2012-05-06
Starting this morning, our file server was giving very slow response time when the user tries to open a folder on the server. it takes anywhere from 45s to 65s to open the shared folder. But once the shared folder is opened, moving around within the shared folder is very fast (less than 2 sec).  

When we ping, the DNS replies with an unknow IP address as the server i.e. server IP should be 10.0.0.2 but ping <server name> says it is 10.0.0.7. We do not know where the IP of 10.0.0.7 comes from. We have tried shutting down all routers, switches, servers in case the 10.0.0.7 was cached somewhere but apparently it did not help.

Any suggestions anyone?

0
Comment
Question by:artradis
6 Comments
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 75 total points
ID: 24303808
Is it really the DNS which gives you that address? Did you check with 'nslookup'?
Could be an entry in the local 'hosts' file!  
 
0
 
LVL 11

Assisted Solution

by:manav08
manav08 earned 175 total points
ID: 24303892
Sounds like it is the case of a ROGUE DHCP SERVER on the network. An infected PC might be acting like a ROGUE DHCP and disguising itself to act as DNS Server and DHCP Server even when the actual IP you see is that of the server. I have seen this happen before. It is important to detect and isolate the infected machine.
Here is the procedure - http://www.experts-exchange.com/Microsoft/Server_Applications/Q_24163597.html?sfQueryTermInfo=1+10+63.243.173.162+64.86.133.51
0
 
LVL 11

Assisted Solution

by:manav08
manav08 earned 175 total points
ID: 24303903
Basically you will have to use the dhcploc tool to detect the ROGUE DHCP Server if any... If any problems using the tool, kindly ask..
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 

Author Comment

by:artradis
ID: 24304860
Hi all, Thanks for the comment.

1. No it was not the local host file. However previously we ecnountered this before and the only way to resolve was to shutdown PC the pull the power plug (i.e. total no power to PC).

2. I ran "dhcploc 10.0.0.27 10.0.0.6" and pressed "d" (for discovery) several times. but nothing seems to happen at all.  We only have one DHCP server on our LAN, all out PCs are Static IP.

Any other suggestions welcomed. Thanks.
0
 

Assisted Solution

by:sj_saravanan
sj_saravanan earned 100 total points
ID: 24333333
is the IP address is static or DHPC provided IP. if it is static check the primary DNS and secondary dns entries in tcp/ip propertise. and use IPCONFIG\FLUSHDNS , ipconfig\registerdns commands.
If it is dhcp ip, try to renew the ip address ipconfig\renew.and check your dns server may be one or more records created in the same ip address.
0
 
LVL 1

Accepted Solution

by:
Icontech earned 150 total points
ID: 24333675
Hi,
1. Use NS Lookup and verify the DNS Server.
2. Connect to 10.0.0.7 IP via any Remote desktop tool which by mismatch showing as a DNS Server.
3. Check NS Record in the DNS Server, Whether the IP and the Server name correct or not.
4. Can you able to ping 10.0.0.2 (Your actual DNS Server). If yes means, Connect to the server remotely and check the DNS Management. (Primary Zone, NS Record and etc...)
5. Without authorizing, there cannot be a DHCP Server activated(Rogue DHCP Server). If there is any Authorized Additional DHCP Server in your network means check and verify using dhcploc.exe tool and remove the same from the network.

-Thanks
PREMKUMAR
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Fortigate 100D NTP Issue 4 105
DNS error assumed 8 71
Server 2016: DNS on the server or router? Advices? 4 30
page view and f5 big ip 4 16
This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question