DNS changes unexpectedly.

Keith Woodworth kwoody at citytel.net
Tue May 2 00:06:32 UTC 2006

Over the last week we've had a part of our network getting some strange

It's about 400 clients but not all of them seem to be affected as far as
we can tell.

Client boots up, gets valid IP and DNS. Things will work for anywhere from
10 mins to 3 hrs, then suddenly the client will not be able to get any
webpages but they can still be streaming audio or be on some online chat
but the web and email go down.

In troubleshooting this I'm finding that these clients, while they still
have a valid IP address, their DNS has changed to As soon as
they repair/renew their DNS is back and away they go. As a fix I've been
getting the DNS hardcoded but this should be a permanent fix.

I'm guessing someone has a router plugged in backwards on this subnet and
just started sniffing the network.

Why would just the DNS change and not the IP too? It seems odd that just
the DNS IP would change and not the IP of their machine too.

Lease times are 7 days so the way I understand it the client should not
be trying to renew the IP or DNS for 3.5 days. But we are seeing only the
DNS change as fast as 10 mins after their initial DHCP request.

Thanks for any insight.

