On Mon, Feb 8, 2010 at 5:19 PM, Emmanuel Sekyewa <[email protected]> wrote: > Mike, the DHCP server is running on Windows server 2003, will tcpdump still > apply in this case? I also changed the scope with reference to the new > addressing scheme. > Dan, it's a windows domain :-( > There are a number of unmanaged switches on the network, if at all there is > any possibility that one of them could be supplying client machines with a > wrong entry, before the DHCP server does, how is it that this only started > happening after changing the addressing scheme? >
If you are using a Windows DHCP server, you *MUST* delete and recreate a scope to suit your current setup. Of course this would not cause a rouge DHCP server. ipconfig /all will show you the IP address of the rouge DHCP server and then you can take it down. The other option is to use group policies down to your computers to respond to DHCP servers with a given option string in their DHCP offer. This way, you make sure that they get IP addresses from the correct server only. tcpdump would still work, but you need to run it off a UNIX/Linux installation. Im not sure whether there is a windows installation of tcpdump. > > > On 8 February 2010 16:38, Mike Barnard <[email protected]> wrote: >> >> On Mon, Feb 8, 2010 at 3:36 PM, Emmanuel Sekyewa <[email protected]> >> wrote: >> > Good afternoon, >> > >> > I'm in a situation in which after changing the IP addressing scheme on a >> > network, certain machines obtain a wrong entry for DNS at startup, but >> > when >> > I run an ipconfig /release and subsequently /renew, they pick up the >> > correct >> > settings/configuration for the DNS server. I have gone through my DHCP >> > configuration a number of times to ensure that the correct IP addresses >> > are >> > specified for the primary and secondary DNS servers, but this still >> > keeps >> > coming up. >> > This even happens after flushing the DNS cache on a client machine and >> > rebooting. >> > Any ideas of what could be causing this? Or a viable work around? >> > >> >> 1 -- what platform are you running you DHCP server? >> 2 -- The quickest way to check whether you have another DHCP server on >> the LAN is to run tcpdump and listen out for any bootp traffic. A >> quick run of tcpdump -i <interface> -n port 67 or port 68 will show >> you all bootp traffic on your LAN. >> 3 -- If you did not change the scope on your DHCP server, you may end >> up with some wrong info. >> >> >> >> -- >> Mike >> >> Of course, you might discount this possibility, but remember that one in >> a million chances happen 99% of the time. >> ------------------------------------------------------------ >> _______________________________________________ >> LUG mailing list >> [email protected] >> http://kym.net/mailman/listinfo/lug >> %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ >> >> The above comments and data are owned by whoever posted them (including >> attachments if any). The List's Host is not responsible for them in any way. >> --------------------------------------- >> > > > > -- > Emmanuel C. Sekyewa > > +256 782 199 202 > > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The List's Host is not responsible for them in any way. > --------------------------------------- > > > -- Mike Of course, you might discount this possibility, but remember that one in a million chances happen 99% of the time. ------------------------------------------------------------ _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
