RE: [NTSysADM] DNS server settings getting changed

[Melvin Backus]

Normal configuration is set to DHCP supplied.  Confirmation both via netsh and 
visual via gui on affected machines.  I have temporarily set them to static via 
netsh to prevent the problem from stopping production while we trouble shoot it 
on some of the idle machines.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Micheal Espinola Jr
Sent: Thursday, April 24, 2014 10:59 AM
To: ntsysadm
Subject: Re: [NTSysADM] DNS server settings getting changed

I still havent received Melvin's original reply, so I'm just gonna reply to 
this:
Are you saying you used netsh to add DNS servers, or you used netsh to confirm 
that the "bad" DNS servers were via added DHCP or static?

--
Espi


On Thu, Apr 24, 2014 at 7:35 AM, Andrew S. Baker 
<asbz...@gmail.com<mailto:asbz...@gmail.com>> wrote:
If static works rather than DHCP, then it might not be a Group Policy issue.  
Time to look at Kevin's suggestion.






ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market...




On Thu, Apr 24, 2014 at 10:31 AM, Melvin Backus 
<melvin.bac...@byers.com<mailto:melvin.bac...@byers.com>> wrote:
Yep, been there.  That's actually our temp solution, make them static instead 
of dhcp.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Micheal Espinola Jr
Sent: Thursday, April 24, 2014 10:26 AM
To: ntsysadm
Subject: Re: [NTSysADM] DNS server settings getting changed

Have you confirmed if the DNS addresses are static or DHCP provided?  This 
netsh should help you:
netsh interface ip show dns

--
Espi


On Thu, Apr 24, 2014 at 5:26 AM, Melvin Backus 
<melvin.bac...@byers.com<mailto:melvin.bac...@byers.com>> wrote:
OK, this has been driving us nuts for a couple of days now.

One of our remote sites is seeing seemingly random PCs change their DNS server 
settings.  They're all configured to get them from the DHCP server, and it has 
the correct DNS servers.  All the PCs do in fact get the correct settings when 
they get or renew an IP.  That all seems to be working as we expect.  But 
periodically we'll see a machine change the DNS servers to something else.  
This causes applications to start failing because the hosts they need no longer 
resolve.  As soon as the PC renews it's IP, whether automatically or manually, 
everything goes back to normal and stuff works again.

We have a short term fix (force the DNS server settings manually instead of 
DHCP) but that doesn't explain what's going on, and since we're using this same 
setup in 20 offices it also begs the question of why just this office.

Background:
Multiple small offices with either /28 or /27 networks.  They are publicly 
routable IPs due to requirements for a partner VPN.  The DHCP server is on the 
Juniper SSG FW.  It servers two pools, one for PCs, another for phones.  The PC 
subnet is publicly routable, the phone subnet is a non-routable 10.x subnet 
with matching ranges.  (12.x.x.x/27 and 10.x.x.x/27).  All DNS points to the 
home office.  Until recently these pointed strictly to our domain DNS servers.  
As part of the VPN requirement we have set up a second set of DNS servers which 
are used to resolve hosts in the partner's domains.  This is done with 
conditional forwarders.  Partner DNS traffic gets resolved by their servers, 
everything else goes to our domain DNS or the Internet as required.

This all works fine except in a single office.  Even in that office it worked 
fine for weeks and has suddenly started this "revert" behavior.  When the PCs 
change, they go back to pointing to our domain DNS which can't resolve the 
partner hosts.

My question becomes (sorry it took so long) how do we track what is actually 
changing the DNS settings?  I can tell when it happens fairly easily, but 
nothing in the event logs, etc., seems to indicate what triggered it, or what 
process is doing it.  It doesn't happen as part of a DHCP operation as best we 
can tell.


--------------------
Melvin Backus | Sr. Systems Analyst | Byers Engineering Company | 
404.497.1565<tel:404.497.1565>
Service Desk | 404-497-1599<tel:404-497-1599> | http://servicedesk.byers.com
--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.