Announcement

Collapse
No announcement yet.

Rogue DNS entry

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Rogue DNS entry

    Hi guys,

    After looking into this for two hours I'm giving up and asking for help. I'm clearly missing something so simple. Quick set-up info first. We have two forrests with an external trust:

    company.org.uk
    Windows 2003 R2 SP2 (Domain and Forrest levels at 2003 native)
    IP range - 128.1.0.0 /16

    company.local
    Windows 2008 R2 (Domain and Forrest levels at 2008 R2)
    10.10.0.0 /16

    Forwarders are set on company.org.uk to point to DNS servers in company.local and vice versa.

    I created a new VM and accidentally assigned it to the 128.1.0.0 network. It obtained an IP address from DHCP and registed in DNS. I then changed it's IP into the 10.10.0.0 range and changed it to the correct network within ESX. The server is attached to the company.local domain.

    Right, I've cleared down any rogue DNS erntries on the company.org.uk DNS servers and deleted the lease from DHCP. I've cleared the cache on all DNS servers in company.org.uk. When I ping the hostname from a DNS server on company.org.uk it resolves as hostname.company.org.uk even though there is no DNS entry for it anywhere. if I ping the hostname from a company.local DNS server it resovles fine as hostname.company.local.

    The entry is not in the hosts file and is not on any DNS server in the company.org.uk domain. As mentioned, I've cleared down the cache and flushed DNS from the resovler cache before pinging.

    I'm at the point where it was porbably going to be quicker to rebuilt the server and rename it

    Thanks

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

  • #2
    Re: Rogue DNS entry

    UPDATE:

    Tried restarting the DNS Client and DNS Server service but issues still occurs. One strange thing is when I do an nslookup on the hostname it resolves the IP address. When I do an nslookup on the IP address it resolves to 3 different hostnames, either of which can be found in DNS for company.org.uk
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Rogue DNS entry

      Right - resolved the nslookup IP address issue as the IP address was in the reverse lookup zone 3 times. I've removed them all but can still ping hostname and it resolves to hostname.company.org.uk instead of company.local
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Rogue DNS entry

        DIE WINS DIE!!!!!!!!!

        Problem resolved.

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Rogue DNS entry

          Ah, legacy services at their very best!
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Rogue DNS entry

            It was a bit decieving as normally when you ping the NETBIOS name and it doesn't resolve the domain name then it's using WINS and not DNS to resolve. I was pinging the hostname and it was resolving as hostname.company.org.uk which suggested it was using DNS.

            Gggrrrrrr
            Michael Armstrong
            www.m80arm.co.uk
            MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment

            Working...
            X