[Cialug] Bogus DNS

L. V. Lammert lvl at omnitec.net
Tue Apr 2 17:26:38 CDT 2013


OK, .. here's a problem someone may have run into:

I updated an external domain A record, .. and it is being pulled correctly
by the site firewall and the three inside servers we manage.

Unfortunately, the Windoze clients [XP] keep coming up with the OLD IP!
Some were working correctly all day, and this afternoon they started to
break - a little research showed they are getting the OLD IP for that
hostname!

I hate to have the onsite chap put static IPs into all of the email
clients, but we might have to if we can't get this resolved.

Has anyone ever seen this? The firewall is the DNS server for the entire
site, and it is providing the correct IP (verified by dig@ from our
servers).

It seems like there is some device on the network with a bad DNS
configuration, pulling the old entry possibly from an internal cache?

Can't seem to find any clues on how to identify a rogue DNS server, .. all
of the hints I see are about viruses & hijacking. [tcpdump would be
possible, but it's a moot point as there is no traffic now and it would be
nice to have some sort of answer before folks start coming in tomorrow].

	TIA,

	Lee

