All of my client machines are picking up the incorrect server address when using nslookup. I also get the incorrect DNS Servers when using ipconfig /all

```
C:\Users\>nslookup
Default Server:  UnKnown
Address:  192.168.3.2
```

```
C:\Users\>ipconfig /all
(edited for relevant info)
Default Gateway . . . . . . . . . : 192.168.3.1
DHCP Server . . . . . . . . . . . : 192.168.3.1

DNS Servers . . . . . . . . . . . : 192.168.3.2
. . . . . . . . . . . . . . . . . . . . . . : 192.168.2.70
NetBIOS over Tcpip. . . . . . . . : Enabled
```

This 192.168.3.2 server in question was a partially set up DC that had the DNS role installed, but I didn't believe it was actually being used. I ended up having to do a forced dcpromo and metadata cleanup to remove it. I have searched throughout the DNS Management and AD Sites & Services and removed all traces, which is the reason NSLOOKUP comes back with Unknown, but I cannot find where it is being pulled from. Also, the DHCP and Gateway are running on an old Cisco ASA but it is only using the 192.168.2.70 address. If I manually configure a computer's primary and secondary DNS then everything is fine, but currently all of our client computers are set to auto. The primary DNS should be 192.168.3.40 as it is the PDC with the FSMO role, DNS and other key functions.

```
C:\Users\>netsh dhcp show server

6 Servers were found in the directory service:

Server [SERVER.company.local] Address [192.168.1.2] Ds location: cn=SERVER.company.local
Server [exch2k7.company.local] Address [192.168.2.3] Ds location: cn=exch2k7.company.local
Server [server.company.local] Address [192.168.3.40] Ds location: cn=server.company.local
Server [server-dc2.company.local] Address [192.168.2.70] Ds location: cn=Server-dc2.company.local
Server [server-dc2.company.local] Address [10.10.10.20] Ds location: cn=Server-dc2.company.local
Server [server-hyperv.company.local] Address [192.168.1.3] Ds location: cn=server-hyperv.company.local
```

The only actual functioning DHCP in this list is 192.168.2.70 but it is at our Colo and doesn't have any client machines it is running.

```
C:\Users\>nltest /dnsgetdc:company.local
List of DCs in pseudo-random order taking into account SRV priorities and weights:

Non-Site specific:
   server-dc2.company.local  192.168.2.70
   exch2k7.company.local  192.168.2.3  10.10.10.10
   server.company.local  192.168.3.40
The command completed successfully
```

Katherine Villyard
Daniel-IT
  • To add some clarification: nslookup returning Server Unknown is an indication that there's no rDNS zone set up or that there's no PTR record for the IP address in question in the rDNS zone, if the rDNS zone does exist. It isn't an indication of the existence, or lack thereof, of a particular DNS, DHCP or DC server. – joeqwerty Jan 19 '16 at 22:21

2 Answers

Fix your DHCP server, 192.168.3.1 aka "old Cisco ASA", to hand out the address of the nameservers you want to use.

84104

The DHCP server is assigning the DNS servers to the clients and that's where you need to fix this. The fact that the ASA itself is using 192.168.2.70 for DNS means that it is using 192.168.2.70 for its own DNS resolution; it doesn't mean that it's assigning 192.168.2.70 to the DHCP clients.

joeqwerty
  • The ASA currently has 192.168.2.70 as primary and 192.168.2.3 secondary for its DNS settings and when remote users connect through VPN they get that correct information. The local computers that are connected via LAN or WiFi get 192.168.3.2 as the primary and 192.168.2.70 as the secondary. The ASA has never had the 3.2 address in its list which is what baffles me. – Daniel-IT Jan 19 '16 at 21:46
  • In the DHCP server configuration on the ASA what DNS servers is it configured to assign? Run `show running-config dhcpd` on the ASA and see what's configured. – joeqwerty Jan 19 '16 at 22:08
  • Result of the command: "show running-config dhcpd" dhcpd dns 192.168.2.70 dhcpd domain company.local ! dhcpd address 192.168.3.10-192.168.3.150 inside dhcpd option 242 ascii Mcipadd=192.168.100.252,httpsrvr=192.168.100.252,tftpdir=/,mcport=1719,l2qvlan=100,l2qsig=5,l2qaud=5,phndlength=4,vlantest=999 interface inside ! – Daniel-IT Jan 19 '16 at 22:14
  • So 3.20 is the errant server. I'd check all of the servers listed as DHCP servers to confirm that they are or aren't functioning as DHCP servers, and if they are I'd check their Server/Scope options to see if they are in fact assigning the errant DNS server to clients. By checking them all, I mean check them all, whether or not you believe them to be functioning as DHCP servers. The only way to confirm it is to check them, even the one off site. – joeqwerty Jan 19 '16 at 22:25
  • The DNS scope options for 192.168.2.70 are set to 192.168.2.70 and 2.3. – Daniel-IT Jan 20 '16 at 17:49
  • The DNS scope options for exch2k7 are set to 2.4 and 1.2. The DNS scope options for server-hyperv are set to 2.70, 1.199 and 1.3 and it is currently deactivated. I am told that the 1.x addresses are from an old location. Where I believe the issue may have come from was a new DC that was setting up and did in fact have 2.70 and 3.2 in the scope. It was turned off for a long time and when I turned it back on last week it started triggering tombstone events and I demoted it until I have more time to work on it. It is currently removed from the domain and turned off again. – Daniel-IT Jan 20 '16 at 18:03
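
One way to run the "check them all" audit from the comments above in a single pass, as an added example that is not part of the original thread: it walks every DHCP server authorized in Active Directory and reports the DNS servers (option 6) set at server and scope level. It assumes the RSAT `DhcpServer` PowerShell module and read access to each server's DHCP configuration; `$ErrantDns` defaults to the address from the question.

```powershell
# Added example: audit DHCP option 6 (DNS servers) on every AD-authorized DHCP server.
# Assumes the RSAT DhcpServer module and read access to each server's DHCP config.
param(
    [string]$ErrantDns = '192.168.3.2'   # address the clients in the question receive
)
Import-Module DhcpServer

$report = foreach ($dhcp in Get-DhcpServerInDC) {
    # Query by IP: the directory list can hold stale or duplicate names.
    $ip = $dhcp.IPAddress.ToString()
    try {
        $scopes = @(Get-DhcpServerv4Scope -ComputerName $ip -ErrorAction Stop)
    } catch {
        # Authorized in AD but not answering as a DHCP server (off, demoted, role removed).
        [pscustomobject]@{ Server = $dhcp.DnsName; Address = $ip; Level = 'no response'
                           State = ''; DnsServers = ''; Errant = $false }
        continue
    }

    # Server-level option 6 applies to every scope that does not override it.
    $targets = @([pscustomobject]@{ Level = 'server'; ScopeId = $null; State = '' })
    $targets += @($scopes | ForEach-Object {
        [pscustomobject]@{ Level = "scope $($_.ScopeId)"; ScopeId = $_.ScopeId; State = $_.State }
    })

    foreach ($t in $targets) {
        $query = @{ ComputerName = $ip; OptionId = 6; ErrorAction = 'SilentlyContinue' }
        if ($t.ScopeId) { $query.ScopeId = $t.ScopeId }
        $opt = Get-DhcpServerv4OptionValue @query
        if ($opt) {   # nothing is returned when option 6 is not set at this level
            [pscustomobject]@{
                Server     = $dhcp.DnsName
                Address    = $ip
                Level      = $t.Level
                State      = $t.State            # Active / Inactive for scopes
                DnsServers = $opt.Value -join ', '
                Errant     = $opt.Value -contains $ErrantDns
            }
        }
    }
}

# Entries handing out the errant address sort to the top.
$report | Sort-Object Errant -Descending | Format-Table -AutoSize
```

The Cisco ASA is not a Windows DHCP server and does not appear in this list; its settings are read with `show running-config dhcpd`, as in the comments.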