How sure are you that there isn't another DHCP server in the mix?  Have you
ever looked at what DHCP server a machine with bad DNS settings has?

Also, I must say that I've never seen a requirement for a partner VPN
(private network) that required individual client machines to have PUBLIC
addresses.


> As part of the VPN requirement we have set up a second set of DNS
> servers which are used to resolve hosts in the partner's domains.

Why would you need separate DNS servers to handle this?

ASB | http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for
the SMB market...

On Thu, Apr 24, 2014 at 8:26 AM, Melvin Backus <[email protected]> wrote:

> OK, this has been driving us nuts for a couple of days now.
>
> One of our remote sites is seeing seemingly random PCs change their DNS
> server settings.  They're all configured to get them from the DHCP server,
> and it has the correct DNS servers.  All the PCs do in fact get the correct
> settings when they get or renew an IP.  That all seems to be working as we
> expect.  But periodically we'll see a machine change the DNS servers to
> something else.  This causes applications to start failing because the
> hosts they need no longer resolve.  As soon as the PC renews its IP,
> whether automatically or manually, everything goes back to normal and stuff
> works again.
>
> We have a short term fix (force the DNS server settings manually instead
> of DHCP) but that doesn't explain what's going on, and since we're using
> this same setup in 20 offices it also begs the question of why just this
> office.
>
> Background:
>
> Multiple small offices with either /28 or /27 networks.  They are publicly
> routable IPs due to requirements for a partner VPN.  The DHCP server is on
> the Juniper SSG FW.  It serves two pools, one for PCs, another for
> phones.  The PC subnet is publicly routable, the phone subnet is a
> non-routable 10.x subnet with matching ranges.  (12.x.x.x/27 and
> 10.x.x.x/27).  All DNS points to the home office.  Until recently these
> pointed strictly to our domain DNS servers.  As part of the VPN requirement
> we have set up a second set of DNS servers which are used to resolve hosts
> in the partner's domains.  This is done with conditional forwarders.
> Partner DNS traffic gets resolved by their servers, everything else goes to
> our domain DNS or the Internet as required.
>
> This all works fine except in a single office.  Even in that office it
> worked fine for weeks and has suddenly started this "revert" behavior.
> When the PCs change, they go back to pointing to our domain DNS which can't
> resolve the partner hosts.
>
> My question becomes (sorry it took so long) how do we track what is
> actually changing the DNS settings?  I can tell when it happens fairly
> easily, but nothing in the event logs, etc., seems to indicate what
> triggered it, or what process is doing it.  It doesn't happen as part of a
> DHCP operation as best we can tell.
>
> --------------------
> Melvin Backus | Sr. Systems Analyst | Byers Engineering Company |
> 404.497.1565
>
> Service Desk | 404-497-1599 | http://servicedesk.byers.com
>
> --
> There are 10 kinds of people in the world...
>          those who understand binary and those who don't.

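The check Andrew suggests (which DHCP server a misbehaving PC actually got its lease from) and Melvin's question (how to track when the DNS list changes) can be combined in one script run from a scheduled task on an affected PC. This is an added example, not code from the thread; the server addresses are placeholders and must be replaced with the SSG's LAN address and the home-office DNS pair.

```powershell
# Added example (not from the thread): snapshot each DHCP-enabled adapter's
# DHCP server and DNS server list, flag anything that does not match what the
# Juniper SSG should be handing out, and append the result to a log file.
# Run it every few minutes from a scheduled task so the timestamp of a change
# can be lined up against DHCP lease times and the event logs.
# All addresses below are placeholders; substitute the site's real values.

$ExpectedDhcpServer = '192.0.2.1'                     # placeholder: SSG LAN address
$ExpectedDns        = @('192.0.2.10', '192.0.2.11')   # placeholder: home-office DNS
$LogFile            = 'C:\Temp\dns-watch.log'

$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration |
    Where-Object { $_.IPEnabled -and $_.DHCPEnabled }

foreach ($nic in $adapters) {
    $dns      = @($nic.DNSServerSearchOrder)
    $problems = @()

    # A lease from an unexpected server is the "second DHCP server" case.
    if ($nic.DHCPServer -ne $ExpectedDhcpServer) {
        $problems += "DHCP server is $($nic.DHCPServer), expected $ExpectedDhcpServer"
    }

    # Compare the DNS list in order: a substitution or a reorder both count.
    # Compare-Object returns nothing when the two lists are identical.
    if (Compare-Object -ReferenceObject $ExpectedDns -DifferenceObject $dns -SyncWindow 0) {
        $problems += "DNS servers are [$($dns -join ', ')], expected [$($ExpectedDns -join ', ')]"
    }

    $status = if ($problems) { 'MISMATCH: ' + ($problems -join '; ') } else { 'ok' }
    $line   = '{0} {1} lease_obtained={2} {3}' -f (Get-Date -Format 's'), $nic.Description, $nic.DHCPLeaseObtained, $status

    Add-Content -Path $LogFile -Value $line
    if ($problems) { Write-Warning $line } else { Write-Verbose $line }
}
```

If the log shows a DHCPServer mismatch at the moment the DNS list changes, the lease came from something other than the SSG. To catch the process rather than only the timing, put an audit SACL on the adapter's NameServer value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<adapter GUID> with Object Access auditing enabled; the resulting Security event 4657 names the process that wrote the value.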