Dynamic DNS Issues

  • Thread starter Thread starter Eric
  • Start date Start date
E

Eric

I've got a single subnet running DHCP and two DNS
servers. I have three IP addresses that keep showing up
as records on my DNS servers.

169.254.167.144
169.254.193.210
169.254.65.139

I've used ping and tracert and get no response from them.
If I nslookup mydomain.com internally, they show up. I
delete the records and they are back in an hour, so I'm
assuming this has something to do with Dynamic DNS.

Any ideas on how to locate where they are coming from.
 
In
Eric said:
I've got a single subnet running DHCP and two DNS
servers. I have three IP addresses that keep showing up
as records on my DNS servers.

169.254.167.144
169.254.193.210
169.254.65.139

I've used ping and tracert and get no response from them.
If I nslookup mydomain.com internally, they show up. I
delete the records and they are back in an hour, so I'm
assuming this has something to do with Dynamic DNS.

Any ideas on how to locate where they are coming from.
Click to expand...

Sounds like a NIC on a machine that cannot see a DHCP server, what is the
name of these records that will give me you a hint where to look. If they
are blank records then they are coming from a DC. Maybe, NICs with the cable
unplugged?
 
The recordes don't have names. Its listed in DNS as:

(same as parent folder) A 169.254.167.144

I know that its not a NIC somewhere, because I'm aware of
every device connected to my network.

Also, how could the NIC aquire an IP address of that sort
if those IP addresses don't fit the scope in DHCP?

Also, all of my DC's have a single NIC in them, and their
associated IP address shows up when I do an nslookup, but
it would appear the way the addresses are showing up that
something possibly besides hardware on my DC's are
allowing this to show up. I am running virus protection
as well, so I don't see that being the problem. I feel
like I've been hacked, but I'd like to be sure or be able
to rule that out.
 
In
Eric said:
The recordes don't have names. Its listed in DNS as:

(same as parent folder) A 169.254.167.144

I know that its not a NIC somewhere, because I'm aware of
every device connected to my network.

Also, how could the NIC aquire an IP address of that sort
if those IP addresses don't fit the scope in DHCP?

Also, all of my DC's have a single NIC in them, and their
associated IP address shows up when I do an nslookup, but
it would appear the way the addresses are showing up that
something possibly besides hardware on my DC's are
allowing this to show up. I am running virus protection
as well, so I don't see that being the problem. I feel
like I've been hacked, but I'd like to be sure or be able
to rule that out.
Click to expand...

If that record is showing up as a (same as parent) record, then it's telling
me it's coming from a DC. If the DC has multiple NICs, or the MS Loopback
Adapter or RRAS installed, that could be trying to register and that's where
it's coming from. No hack would cause this. See what's installed or
configured on the machine to see what interface it's coming from.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Eric said:
The recordes don't have names. Its listed in DNS as:

(same as parent folder) A 169.254.167.144

I know that its not a NIC somewhere, because I'm aware of
every device connected to my network.

Also, how could the NIC aquire an IP address of that sort
if those IP addresses don't fit the scope in DHCP?
Click to expand...

That is an APIPA number assigned when a DHCP server cannot be contacted.
Also, all of my DC's have a single NIC in them, and their
associated IP address shows up when I do an nslookup, but
it would appear the way the addresses are showing up that
something possibly besides hardware on my DC's are
allowing this to show up. I am running virus protection
as well, so I don't see that being the problem. I feel
like I've been hacked, but I'd like to be sure or be able
to rule that out.
Click to expand...

Only the domain controller creates blank hosts in DNS that is the reason I
think it is on a DC maybe on a dial in interface (You need DHCP Relay agent
in RRAS in that case)
 
Eric said:
I've got a single subnet running DHCP and two DNS
servers. I have three IP addresses that keep showing up
as records on my DNS servers.

169.254.167.144
169.254.193.210
169.254.65.139

I've used ping and tracert and get no response from them.
If I nslookup mydomain.com internally, they show up. I
delete the records and they are back in an hour, so I'm
assuming this has something to do with Dynamic DNS.

Any ideas on how to locate where they are coming from.
Click to expand...

Microsoft assigns these addresses automatically when a DHCP configured
computer cannot obtain an IP address from a DHCP server. It's called
Automatic Private IP Addressing (APIPA).

Ref:
http://support.microsoft.com/defaul...port/kb/articles/Q220/8/74.ASP&NoWebContent=1

--
Roland

This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose.
 
Back
Top