We have a mixed domain of Win2K and Win 2003 servers. All clients are win
2000 pro or XP pro.Everyone is behind our firewall.
The problem: Random clients are suddenly unable to connect to services on
our network or the internet. They are getting re routed to a 64.22.xxx.xxx
address for everything this is not a subnet on our network so I don't know
where its coming from.
If I do a ipconfig /flushdns that sometimes works and clears the problem out
but sometimes the wrong DNS is hitting the client pc so fast the only thing
I can do is disable DNS caching on the local PC.and then the user can get
back to work.
As I said disabling DNS caching works but going around to every client to do
this is not the most practical plan when your talking 3,000 + PC's Is
there another direction I should be looking in to resolve this problem at
the server level.?

Thanks in advance for any help you can offer.

Jstrum5

"g.g." <(E-Mail Removed)> wrote in message
news:RRfUg.1650$fI1.1444@trndny04...
> We have a mixed domain of Win2K and Win 2003 servers. All clients are win
> 2000 pro or XP pro.Everyone is behind our firewall.
> The problem: Random clients are suddenly unable to connect to services on
> our network or the internet. They are getting re routed to a 64.22.xxx.xxx
> address for everything this is not a subnet on our network so I don't know
> where its coming from.

Use NSLookup, both the defaults during the problem and
explicitly choosing a DNS server by specifying the IP...

nslookup Name_To_Search
nslookup Name_To_Search IP.Address.DNS.Server

Note the difference between these and compare them
to ping (or other client app resorts) since NSLookup
will NOT use the DNS Client Cache.

Odds are pretty high that you have the clients set to use a
MIXTURE of the internal (correct) DNS servers and some
other (external) DNS server set.

Check "IPconfig /all" and remove all but the correct set
from NIC->IP Properties.



> If I do a ipconfig /flushdns that sometimes works and clears the problem
> out but sometimes the wrong DNS is hitting the client pc so fast the only
> thing I can do is disable DNS caching on the local PC.and then the user
> can get back to work.

"Wrong DNS" will not "hit" the client PC. Clients request
resolution from the DNS server but if you (improperly) configure
both a correct and incorrect DNS Server (set) on the NIC then they
may switch seemingly randomly.

People do this in the mistaken belief that both will be used.

Otherwise the problem is likely that you have BAD entries in
the HOSTS file which is loaded by the DNS Client (caching).

Remove those entries but be very suspicious of their origin
(virus, spyware, browser highjacker, trojan etc.)

%systemroot%\system32\drivers\etc\hosts

> As I said disabling DNS caching works but going around to every client to
> do this is not the most practical plan when your talking 3,000 + PC's

You should not need to do this in ANY case but if you ever need to
do something on 3000 PCs then use a batch file or some other feature
of the GPOs.

> Is there another direction I should be looking in to resolve this problem
> at the server level.?

Probably not.

> Thanks in advance for any help you can offer.
>


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Jstrum5
>

g.g. wrote:
> We have a mixed domain of Win2K and Win 2003 servers. All clients are
> win 2000 pro or XP pro.Everyone is behind our firewall.
> The problem: Random clients are suddenly unable to connect to
> services on our network or the internet. They are getting re routed
> to a 64.22.xxx.xxx address for everything this is not a subnet on our
> network so I don't know where its coming from.
> If I do a ipconfig /flushdns that sometimes works and clears the
> problem out but sometimes the wrong DNS is hitting the client pc so
> fast the only thing I can do is disable DNS caching on the local
> PC.and then the user can get back to work.
> As I said disabling DNS caching works but going around to every
> client to do this is not the most practical plan when your talking
> 3,000 + PC's Is there another direction I should be looking in to
> resolve this problem at the server level.?
>
> Thanks in advance for any help you can offer.

Make sure all clients are using only the internal DNS server only, although
the typical cause of this is if your internal domain is a lower level of
your public domain and your public domain contains a wildcard record. This
adds the public domain to the DNS suffix search list, which is appended to
all non-FQDN (All DNS queries that are not followed with a trailing "." are
considered non-fully-qualified names) Since your internal DNS isn't
authoritative over the public domain your DNS will forward the query and get
a hit on the wildcard record.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================