demmons-ssit

asked on

DNS Resolving local Names as external IP address

This occurs randomly throughout the day. All workstations have experienced it. It usually only lasts for a few minutes or until I flush and register the DNS on the workstation.

This is a standard SBS 2003 server that does DHCP, DNS, File serving, print serving. Just basic stuff.

I have scoured through the DNS settings, they seem ok. I have also checked the firewall to make sure DNS is disabled on it.

In the example below it should resolve to 192.168.4.233.
Example:
C:\Documents and Settings\user>ping server01

Pinging p12p-i.geo.vip.re4.yahoo.com [216.39.57.107] with 32 bytes of data:

Reply from 216.39.57.107: bytes=32 time=86ms TTL=52
Reply from 216.39.57.107: bytes=32 time=109ms TTL=52
Reply from 216.39.57.107: bytes=32 time=96ms TTL=52

Ping statistics for 216.39.57.107:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 109ms, Average = 97ms
ASKER CERTIFIED SOLUTION
Darius Ghassem
This solution is only available to members.
Check the hosts file also.

C:\Windows\System32\Drivers\etc

Should only really need to have localhost in there as an entry, anything is prob. suspicious.
demmons-ssit

ASKER

Just fixed it... This was a doozy!

The DNS settings all look fine on the server.

I checked DHCP and there was an entry for two external IP addresses as secondary DNS servers being dished out to workstations. So every workstation could browse the intertubes even if the server went down. Mind you, I just took over this environment, don't know what the previous sys admin was thinking. The two public IPs set as DNS servers for workstations were from CBeyond and a DSL company.

Looking at the A records for the company website host name I noticed an odd A record that was resolving *.DomainName.com to the Yahoo IP in the OP.

Basically the path and randomness looked like this...
Server was overloaded with requests, the workstation tapped its secondary DNS, the secondary DNS can resolve *.domainname.com so it was resolving private hostnames as that public Yahoo IP. The local DNS server finally cools off from requests and the clients revert back to primary DNS.

I can confirm the fix, the DNS path and everything but the workstations flipping to secondary DNS. I don't know how to track that.

Thanks guys!
Thank you, checking the DNS settings using ipconfig /all did indeed show the two extra public IPs under the secondary DNS field, which is what I believe you were trying to convey here.
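
The check described in this thread (reading the DNS server list from ipconfig /all and spotting public resolvers handed out next to the internal one) can be scripted and run against saved output from each workstation. This is an added example, not part of the original thread: the sample output is constructed, its two public addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the thread). The two public
# resolvers are documentation-range placeholders.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.local
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.4.50
        Default Gateway . . . . . . . . . : 192.168.4.1
        DHCP Server . . . . . . . . . . . : 192.168.4.233
        DNS Servers . . . . . . . . . . . : 192.168.4.233
                                            203.0.113.10
                                            198.51.100.20
        Lease Obtained. . . . . . . . . . : (constructed)
"""

# Explicit RFC 1918 + loopback list. ipaddress.is_private is not used because
# it also returns True for documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

DNS_LABEL = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers(ipconfig_text):
    """Return every IPv4 DNS server listed, including the unlabelled
    continuation lines that follow a 'DNS Servers' line."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        first = DNS_LABEL.match(line)
        more = CONTINUATION.match(line) if in_block else None
        if first:
            servers.append(first.group(1))
        elif more:
            servers.append(more.group(1))
        in_block = bool(first or more)
    return servers

def external_dns_servers(ipconfig_text):
    """Return the configured DNS servers that lie outside INTERNAL_NETS."""
    flagged = []
    for server in dns_servers(ipconfig_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # not an IPv4/IPv6 literal, skip it
        if not any(addr in net for net in INTERNAL_NETS):
            flagged.append(server)
    return flagged

if __name__ == "__main__":
    print("External resolvers:", external_dns_servers(SAMPLE_IPCONFIG))
```

Any address this returns on a domain-joined workstation is a resolver that cannot answer for internal names and, as in this thread, may return a public wildcard answer instead.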