I still havent received Melvin's original reply, so I'm just gonna reply to this:
Are you saying you used netsh to add DNS servers, or you used netsh to confirm that the "bad" DNS servers were via added DHCP or static? -- Espi On Thu, Apr 24, 2014 at 7:35 AM, Andrew S. Baker <[email protected]> wrote: > If static works rather than DHCP, then it might not be a Group Policy > issue. Time to look at Kevin's suggestion. > > > > > > > *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market...* > > > > > On Thu, Apr 24, 2014 at 10:31 AM, Melvin Backus > <[email protected]>wrote: > >> Yep, been there. That's actually our temp solution, make them static >> instead of dhcp. >> >> >> >> -- >> There are 10 kinds of people in the world... >> those who understand binary and those who don't. >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Micheal Espinola Jr >> *Sent:* Thursday, April 24, 2014 10:26 AM >> *To:* ntsysadm >> *Subject:* Re: [NTSysADM] DNS server settings getting changed >> >> >> >> Have you confirmed if the DNS addresses are static or DHCP provided? >> This netsh should help you: >> >> netsh interface ip show dns >> >> >> -- >> Espi >> >> >> >> >> >> On Thu, Apr 24, 2014 at 5:26 AM, Melvin Backus <[email protected]> >> wrote: >> >> OK, this has been driving us nuts for a couple of days now. >> >> >> >> One of our remote sites is seeing seemingly random PCs change their DNS >> server settings. They're all configured to get them from the DHCP server, >> and it has the correct DNS servers. All the PCs do in fact get the correct >> settings when they get or renew an IP. That all seems to be working as we >> expect. But periodically we'll see a machine change the DNS servers to >> something else. This causes applications to start failing because the >> hosts they need no longer resolve. As soon as the PC renews it's IP, >> whether automatically or manually, everything goes back to normal and stuff >> works again. >> >> >> >> We have a short term fix (force the DNS server settings manually instead >> of DHCP) but that doesn't explain what's going on, and since we're using >> this same setup in 20 offices it also begs the question of why just this >> office. >> >> >> >> Background: >> >> Multiple small offices with either /28 or /27 networks. They are >> publicly routable IPs due to requirements for a partner VPN. The DHCP >> server is on the Juniper SSG FW. It servers two pools, one for PCs, >> another for phones. The PC subnet is publicly routable, the phone subnet >> is a non-routable 10.x subnet with matching ranges. (12.x.x.x/27 and >> 10.x.x.x/27). All DNS points to the home office. Until recently these >> pointed strictly to our domain DNS servers. As part of the VPN requirement >> we have set up a second set of DNS servers which are used to resolve hosts >> in the partner's domains. This is done with conditional forwarders. >> Partner DNS traffic gets resolved by their servers, everything else goes to >> our domain DNS or the Internet as required. >> >> >> >> This all works fine except in a single office. Even in that office it >> worked fine for weeks and has suddenly started this "revert" behavior. >> When the PCs change, they go back to pointing to our domain DNS which can't >> resolve the partner hosts. >> >> >> >> My question becomes (sorry it took so long) how do we track what is >> actually changing the DNS settings? I can tell when it happens fairly >> easily, but nothing in the event logs, etc., seems to indicate what >> triggered it, or what process is doing it. It doesn't happen as part of a >> DHCP operation as best we can tell. >> >> >> >> >> >> -------------------- >> Melvin Backus | Sr. Systems Analyst | Byers Engineering Company | >> 404.497.1565 >> >> Service Desk | 404-497-1599 | http://servicedesk.byers.com >> >> -- >> There are 10 kinds of people in the world... >> those who understand binary and those who don't. >> >> >> >> >> > >
