Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 53
  • Last Modified:

DNS setting changed by itself to 192.168.1.1 on some workstations ?

People,

Can anyone here please assist me of what could be the problem here with my remote office issue?

Some workstations got their DNS server changed into 192.168.1.1 intermittently.

There is Windows DHCP server in the remote office that issue DHCP iP and DNS but not sure what's keep on changing it randomly.

Thanks in advance
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
  • 3
  • 2
3 Solutions
 
Sreejith SugathanSenior Network Support EngineerCommented:
Try using a DHCP rogue detector tool to see if someone has configured a DHCP server somewhere in the network. Are you able to ping the IP address? Is it in the same range as your network is in?
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
The rogue DNS IP 192.168.1.1 somehow is different subnet than the current remote office IP address class.
0
 
Sreejith SugathanSenior Network Support EngineerCommented:
You can see if there are any other DHCP servers running in the environment  - the rogue checker download link is in the TechNet article below.

http://social.technet.microsoft.com/wiki/contents/articles/25660.how-to-prevent-rogue-dhcp-servers-on-your-network.aspx

Guess the best way forward if to rule out this first.
2
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
masnrockCommented:
I bet someone in that office connected a router to the network. Had an instance where someone basically tried to work around to get a switch via an office supply store, ordered a router by mistake, the connected it incorrectly. Not sure what type of switches you have, but if you are using managed ones, that could be the key to tracking down exactly where the rouge DHCP server it.
1
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks all for the response.

Yes, It is a rogue device detecte by the GUI DHCP roge detection tool.

now I will need to know what is behind this IP: 192.168.1.1
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now