Odd single host record in Forward Lookup Zone/mydomain.com

PaulS

I need to find where a single odd Host (A) record is coming from -
anyone got any ideas?

More Info:
AD integrated DNS.
mydomain.com is all in private IP

e.g. 192.168.34.5 is mail.mydomain.com

But a host record for 169.254.205.59 keeps re-appearing in there.
I delete it, it comes back. Not immediately but after a while. Doesn't
seem to point to an active machine out on t'interweb.
There are no other DNS records of any description that refer to either
the same address (or any other odd machine name or address outside
those that I've either put there myself.)

Looks like some kind of nasty worm/trojan/backdoor thing but as yet
not found any evidence anywhere. Seems more likely to be a Mac or PC
assigning an IP address to a.n.other NIC (or just generally doing
something wrong) and then letting DNS know... at least that's the
optimistic side of me hoping that. Secure DNS updates are off so that
the Macs can let DNS know who they are. Yes, it means something could
poison the DNS - which is what it looks like - but it's a Host record
for what?


Suggestions please.


Paul
 
That address is the APIPA address (see
http://support.microsoft.com/defaul...port/kb/articles/Q307/2/87.ASP&NoWebContent=1)
or google for APIPA if the link wraps.

You probably have a dual-homed computer and the other NIC is not connected
to anything. To resolve the issue, just disable the unused NIC.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
P> Looks like some kind of nasty worm/trojan/backdoor thing [...]

It looks like a DHCP Client that couldn't obtain a lease, to me. But
there you go. (-:
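
One way to confirm the diagnosis given in the replies, as an added example that is not part of the original thread: list the A records in the zone that fall in the APIPA range 169.254.0.0/16, then, on the machine a record names, list the adapters that hold such an address and whether they register it in DNS. It assumes the DnsServer module (Windows Server 2012 or later, or RSAT) and a Windows client with the NetTCPIP and DnsClient modules; the zone and server names are placeholders.

```powershell
# Added example, not from the thread. Placeholders: adjust to your environment.
$ZoneName  = 'mydomain.com'
$DnsServer = 'localhost'

function Test-LinkLocal {
    # True when the IPv4 address is inside 169.254.0.0/16 (APIPA).
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    return ($b.Length -eq 4 -and $b[0] -eq 169 -and $b[1] -eq 254)
}

# --- On the DNS server: which names currently carry an APIPA address? ---
Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A |
    Where-Object { Test-LinkLocal $_.RecordData.IPv4Address } |
    Select-Object HostName,
        @{ n = 'Address';   e = { $_.RecordData.IPv4Address.ToString() } },
        @{ n = 'Timestamp'; e = { $_.Timestamp } },  # empty for static records
        TimeToLive |
    Format-Table -AutoSize

# --- On the suspect Windows machine: which adapter is responsible? ---
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { Test-LinkLocal ([System.Net.IPAddress]$_.IPAddress) } |
    ForEach-Object {
        $dns = Get-DnsClient -InterfaceIndex $_.InterfaceIndex
        [pscustomobject]@{
            InterfaceAlias = $_.InterfaceAlias
            IPAddress      = $_.IPAddress
            SuffixOrigin   = $_.SuffixOrigin   # 'Link' for an autoconfigured address
            RegistersInDns = $dns.RegisterThisConnectionsAddress
        }
    } |
    Format-Table -AutoSize

# If the adapter must stay enabled, stop it from registering its address:
# Set-DnsClient -InterfaceAlias '<adapter name>' -RegisterThisConnectionsAddress $false
```

A dynamically registered record shows a Timestamp, which narrows down when the record was last written. Disabling the unused NIC, as suggested above, or turning off DNS registration on it stops the record from coming back.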
 