Weird DNS/DHCP Issue

Status
Not open for further replies.

michaelcrawford

IS-IT--Management
Jan 3, 2008
7
I have 2 Windows Server 2003 machines that are running DNS and DHCP. I also have a Linux firewall/gateway.

When a client logs in, the DHCP server assigns a correct IP address, DNS addresses and default gateway address.

At least twice per day the client computer will suddenly lose internet connectivity.

Upon the command ipconfig /all ... both dns addresses have changed to the default gateway address!?

If I release and renew all is back to normal. My entire office is having to release and renew at least twice per day.

This happens sporadically and I can't seem to put my finger on what is happening.

Any suggestions?
 
When did this start happening? Possible you have a rogue DHCP server come into play? Have you checked the event logs on the servers and seen if anything strange has come about?

Glen A. Johnson
Johnson Computer Consulting
Support our Troops!
 
When this happens, in the "ipconfig /all" output, does the DHCP server (about the 5th line from the bottom) point to the correct server? That would verify whether what Glen says is what is happening. If it does point to the correct server, I'm curious what your lease duration is, and also if you're blocking any ports with an access-list (66 or 67) or using something like the ip helper-address in a Cisco router. If you were doing something funky with one of those ports, but not the other, I'm not sure what the result would be, but it may cause something like what you're seeing.
 
Sorry, that should be ports 67 or 68.
 
Initially the DHCP server assigns all the correct IP addresses, including DNS servers 1 & 2, default gateway and IP address.

This is verified with ipconfig /all.

When things go "screwy", which means I'm working and all of a sudden I can't connect to the internet anymore, I look at the output of ipconfig /all and it shows the DNS server addresses as both being the same as the default gateway address.

I release and renew and then do an ipconfig /all ... everything is back to normal, including proper DNS address and proper gateway address.

View the attached image, which shows the ipconfig /all output.

thanks,

Mike.
 
 http://www.searchstudio.net/portals/0/dns.jpg
Hi Michael

Can you answer chipk's question about the DHCP address? Is the address that we see in your printout, 10.80.50.5, the address of one of your DHCP servers?

I assume that both DHCP servers have different ranges on the same subnet. If not, then you could have address conflicts. Can you provide a printout of the ipconfig command when all is well and give us a brief rundown of your DHCP configuration?

Hope to help some more.
 
Thanks for the reply,

Everything is on the 10.80.50.x class and all are on the same subnet.

We have 2 domain controller servers which are both running DNS & DHCP. The first DC server is a file server 10.80.50.5 and the second DC server is our exchange 2003 server 10.80.50.6.

We have a linux based firewall which is the gateway 10.80.50.1

I have attached the ipconfig/all output when everything is ok.
 
 http://www.searchstudio.net/portals/0/dns2.jpg
error in my last post... my bad.. DHCP is only running on one of the domain controllers 10.80.50.5

The other domain controller is not running DHCP... both domain controllers are running dns though...

thanks,

mike.
 
Wow, this one is odd indeed.

I assume you looked at your workstations' logs and found nothing in there. Have you tried to uninstall the TCP/IP kernel on one machine, reload without it and reinstall it?

It would be strange that ALL your workstations would have corrupted kernels all at once.

Your leases are for 7 days, which means that it should not ask for a confirmation until then or until the next reboot. Besides those two situations, there is no reason for your workstations to ask for a new lease. If the DNS servers do not answer for some reason, the workstations refer to their own root file. But it does not change the settings in your DHCP configuration.

If that does not work, try to disable your DHCP service on your .5 server and let the .6 answer for all and see if the problem persists.

Did you split your DHCP segment in two between both servers? You should have, say, 100 IP addresses on your .5 server and another different 100 IP addresses on your .6 server. You need to make sure that the .5 does not have any of the addresses of .6 and vice versa.

Try that and let me know how it goes.

Mart
 
Oh, dang!

OK, I would then try to put the DHCP segment on another machine and disable the one on your .5 and see if the problem continues. If not, it may be a corrupted DHCP application on your server. I'm not an MCSE, but I would try to remove the application, reload the server and reinstall. If that does not work, I would refer the case to a local professional.

Mart.
 
Mart, Thanks for the quick reply...

Per my last post, there is only one DHCP server, 10.80.50.5.

10.80.50.6 is not a DHCP server.

Both .5 and .6 are running DNS services though.

This happens to almost everyone (8 people) in the office... some first thing when they log in in the morning and some just sporadically throughout the day...

I need to fix this... they are getting pissed having to release and renew every day..
 
I would hardcode your DNS addresses temporarily to mitigate the problem for your users and leave one "test" station configured to receive DNS from DHCP. You'll pacify your users and still be able to work on the problem.

Please give us more details about your network including the type of Internet service, what type of routers/switches you have, and if you are doing any funky NAT or access-list stuff on the network devices.
 
yeah i was thinking about that.

This morning I hard coded one guy's DNS addresses to see if his box would make it through the day. So far so good. Doesn't however shed any light as to what the issue is.

2 people in the office haven't even had this problem...

i'm scratching my head...
 
Are those two people who don't have problems on the same segment (IP range) as all the others?
 
There is a possibility to assign default gateway and/or DNS servers via Group Policy I believe. So check that also...
 
Yes ChipK they are. Everyone is on the same IP range.

I'll get back here and update with network layout... its pretty flat though... nothing fancy at all.
 
If you've only got one segment, then I suspect the problem is either in your DHCP Server Scope or Global options (maybe you have conflicting global/local scope options?), OR the problem is that you have another DHCP service running on that Linux box. Try doing a: ps -ef | grep dhcpd and see if you get any results (you'll see the grep command, but should see nothing else). OR it could be something in the firewall as I've already said. Did someone else implement that for you, or was it a kind of ad hoc setup that you did?

You could always download Wireshark or another packet sniffing program on one of the problem computers and try to capture some packet info to see what might be happening.
 
Can you check the uptime of your switches? Maybe your switch is failing sporadically, which is causing your clients to renew their IP and temporarily "disconnect". Check the DHCP logs and correlate the renewal times with the defined lease times of your scope. If the logs show your clients renewing earlier than expected, it's most likely an issue at layers 1 or 2.

Otherwise I would agree with the others in the assumption of a rogue DHCP server on your net. In which case you would need a packet sniffer to weed it out.

Have Fun!
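
Several replies suggest capturing DHCP traffic to tell a rogue server apart from a bad scope option. As an added example (not part of the thread), this Python code parses the UDP payload of a captured DHCP reply and flags a server identifier other than 10.80.50.5, or DNS servers that equal the router option; the function names and the sample packets built by build_reply are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options
AUTHORIZED_SERVERS = {"10.80.50.5"}     # assumption: the thread's one DHCP server
OFFER, ACK = 2, 5                       # option 53 values sent by servers

def parse_options(payload):
    """Return {code: data} for the options in a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        opts[code] = data
        i += 2 + length
    return opts

def ip_list(data):
    """Decode a run of packed IPv4 addresses (options 3, 6 and 54)."""
    return [socket.inet_ntoa(data[j:j + 4]) for j in range(0, len(data) - 3, 4)]

def audit_reply(payload):
    """Findings for one server reply; an empty list means nothing suspicious."""
    opts = parse_options(payload)
    if payload[0] != 2 or (opts.get(53) or b"\0")[0] not in (OFFER, ACK):
        return []                                   # not an OFFER/ACK from a server
    server = (ip_list(opts.get(54, b"")) or ["unknown"])[0]
    routers, dns = ip_list(opts.get(3, b"")), ip_list(opts.get(6, b""))
    findings = []
    if server not in AUTHORIZED_SERVERS:
        findings.append(f"unauthorized DHCP server {server}")
    if dns and set(dns) <= set(routers):            # the symptom from the thread
        findings.append(f"DNS {dns} is the gateway address")
    return findings

def build_reply(server, router, dns, mtype=ACK):
    """Constructed sample packet: minimal BOOTREPLY with options 53, 54, 3, 6."""
    fields = [(53, bytes([mtype])), (54, socket.inet_aton(server)),
              (3, socket.inet_aton(router)),
              (6, b"".join(socket.inet_aton(d) for d in dns))]
    body = b"".join(bytes([c, len(d)]) + d for c, d in fields)
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + body + b"\xff"
```

Feed audit_reply the UDP payload of each packet sent from port 67 in a capture taken on an affected workstation; it does not handle option overload (option 52) or options split across several instances.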

 
How are your servers set up for DNS? This might sound strange, but it could be something simple. Servers should be set to look to themselves first, then to your outside name servers second. All clients should look only to internal servers.

Glen A. Johnson
Johnson Computer Consulting
Support our Troops!
 