RE: Wandering DNS entry

Posted by SQLDAWG on September 20, 2007, 5:26 pm
Ok Chris!!!!
Routers involve: DHCP relay agents.
DNS servers in different locations: regular sync should take place.
Host A records checking should be done by the DNS server.
Secure Dynamic updates only work on XP machines.
Check the events on your DHCP server!!!
Check the events on your DNS server
Check the events on AD.....that's havoc when your DNS doesn't work properly
because AD is fully dependent on your DNS....replication just to mention.
In my opinion this is a DHCP issue because DHCP is responsible for the DNS
distribution....RELAY AGENTS VERY IMPORTANT
THIS IS ON SERVER 2003?

SQLDAWG
PTA RSA 2010 soccer/wcup



"Christopher A. Newell" wrote:

> I posted on this a couple of weeks ago and then the problem "appeared" to
> clear up for a while.
>
> This appeared to be a very sporadic problem, but as I look more closely it
> seems to be more prevalent than I had imagined.
>
> I have a medium-small, but moderately complex network configured in 7 logical
> segments, each operating on its own IP subnet. In three of the segments,
> dynamically addressed PCs are transiently losing their DNS entries,
> multiple local DNS servers being replaced by 168.95.1.1, an operating DNS
> server in Taiwan. (In fact, the only service answering on about half of the
> 168.95.1.x subnet is DNS.) The loss of the correct DNS entries disrupts the
> client's network connectivity until the configuration is restored (all
> Internet access for user PCs is through a proxy server, our firewall
> prevents any client address from communicating with the Internet in any
> other way, so the affected PC gets no response at all.) "ipconfig /renew"
> seems to correct the problem, as does restarting the PC.
>
> As a temporary workaround, I have assigned the outside IP to one of my
> internal DNS servers and routed all requests for that IP to the correct LAN
> address. This is preserving my users' connectivity but is eliminating their
> calls for help to notify me.
>
> After implementing the temporary solution, I have been monitoring detailed
> traffic on the DNS server, only to find that inquiries using the off-site IP
> are almost constant. It seems like there is one PC, occasionally two, using
> that IP for DNS (and SMB and a few other protocols) just about all the time,
> although the issue seems to move from computer to computer at no
> identifiable interval. Apparently, either some of the users are
> experiencing problems and just re-starting or the DNS error is not lasting
> long enough to cause them to actually see the connectivity loss.
>
> These PCs are in three different network segments, broken up at Layer 3,
> configured by three different DHCP servers (although all are in the same AD
> forest.) Before I identified the problem being present in three different
> segments, I tried stopping the known DHCP server and trying to obtain
> address information - No rogue DHCP apparent. We are using 128 WEP on a
> small number of wireless APs, but I have ruled out a customer notebook with
> an ICS configuration running.
>
> I have run thorough Spyware and AV scans of some of the affected PCs with
> no notable results (CA-ITM and Spybot S&D). Statically addressed PCs are not
> affected and one IP subnet that is dynamically addressed but operates in an
> independent AD domain also seems to be OK.
>
> Has anybody else ever seen anything remotely like this?
>
> Any ideas what I can look at to figure out where a changing DNS IP could be
> getting injected into the system, across routers?
>
> I think that I would have gotten an incorrect IP configuration if I had a
> hardware based DHCP on the LAN (like a SOHO router), but it may bear noting
> that a search on that IP reveals it to be one of the most commonly
> referenced publicly accessible DNS servers. The IP appears in many pieces
> of hardware documentation (again, like SOHO gateways).
>
>
>
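
One way to find where the 168.95.1.1 entry is coming from is to audit DHCP OFFER/ACK payloads captured on an affected segment; the following is an added example, not part of the original thread. The function names, the internal addresses and the sample packets are constructed for illustration; only 168.95.1.1 comes from the post.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values for messages that carry lease options

def ip(raw):
    return str(ipaddress.IPv4Address(raw))

def parse_dhcp_reply(payload):
    """Parse a DHCP UDP payload into the fields worth auditing."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    dns = opts.get(6, b"")                             # option 6 = DNS servers, 4 bytes each
    sid = opts.get(54, b"")                            # option 54 = server identifier
    return {"type": (opts.get(53) or b"\x00")[0],
            "relay": ip(payload[24:28]),               # giaddr: relay agent that forwarded it
            "server_id": ip(sid) if len(sid) == 4 else None,
            "dns": [ip(dns[j:j + 4]) for j in range(0, len(dns) - len(dns) % 4, 4)]}

def audit(payload, known_servers, approved_dns):
    """Return findings for an OFFER/ACK from an unknown server or with unapproved DNS."""
    msg = parse_dhcp_reply(payload)
    if msg["type"] not in (OFFER, ACK):
        return []
    findings = []
    if msg["server_id"] not in known_servers:
        findings.append(f"unknown DHCP server {msg['server_id']} (relay {msg['relay']})")
    findings += [f"unapproved DNS server {d} offered by {msg['server_id']}"
                 for d in msg["dns"] if d not in approved_dns]
    return findings

def sample_reply(server_id, dns_servers, relay="0.0.0.0", msg_type=ACK):
    """Build a minimal DHCP reply for testing (constructed, not captured traffic)."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    dns = b"".join(pack(d) for d in dns_servers)
    hdr = b"\x02" + bytes(23) + pack(relay) + bytes(208)  # op=BOOTREPLY, giaddr at offset 24
    opts = bytes([53, 1, msg_type, 54, 4]) + pack(server_id) + bytes([6, len(dns)]) + dns
    return hdr + MAGIC + opts + b"\xff"
```

The server identifier and relay address in a finding point to the device that answered and the segment it answered from, which is what the DHCP server event logs alone will not show.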
