DNS changes unexpectedly.
Simon Hobson
dhcp at thehobsons.co.uk
Tue May 2 06:42:09 UTC 2006
Keith Woodworth wrote:
>Client boots up gets valid IP and DNS. Things will work for anywhere from
>10 mins to 3 hrs, then suddenly the client will not be able to get any
>webpages but they can still be streaming audio or be on some online chat
>but the web and email go down.
>
>In troubleshooting this I'm finding that these clients, while they still
>have a valid IP address, their DNS has changed to 192.168.1.1. As soon as
>they repair/renew their DNS is back and away they go. As a fix Ive been
>getting the DNS hardcoded but this should be be a permanent fix.
>
>I'm guessing someone has a router plugged in backwards on this subnet and
>just started sniffing the network.
>
>Why would just the DNS change and not the IP too? It seems odd that just
>the DNS Ip would change and not the IP of their machine too.
If there was a rogue dhcp server then the client would ask for the
address it had, and if it's valid for the network the rogue server
could offer it. Hence the client could switch servers without
changing address.
However, if it was just a rogue router, I'd expect different IP
addresses based on the fact that the dns has changed (to a different
subnet) and most small routers default to using themselves as the dns.
The other thing against it being a rogue server is that the clients
would be unicasting their renewal requests to the server that gave
out their lease in the first place - not broadcasting them to the
whole network.
What OS are the clients running ?
What DNS are you setting via DHCP ?
I would be inclined to set up a packet capture for just dhcp packets
and leave it running. When someone informs you of the problem, search
in the packet trace for all packets to/from their MAC address and see
if there's been any odd behaviour - and of course, check the contents
of DHCP packets.
Simon
More information about the dhcp-users
mailing list