DNS bug

  • Thread starter: Chris Popoff

Chris Popoff

Hi

I have an interesting problem with one of my office machines. I am not sure
how, but I have set up static IPs for all my machines, and I use the server
itself as one of my DNS entries.

On this particular machine, the DNS IPs keep going back to an earlier
address, and each time I correct it (as admin) and put the server DNS and
save, after a day or so, sometimes a week, it reverts back to the old DNS
numbers.

Is there a reason why this is happening on this particular machine? I know
that at one time, a virus was found and eradicated, but doubtful that it
would cause the DNS change on that machine.

Anyone with ideas is most welcome. Right now all I can do is reset the
correct DNS IP (server IP) each time I find out that it has reverted to the
old settings.

Thanks in advance.

Chris
 
Chris Popoff said:
Hi

I have an interesting problem with one of my office machines. I am not sure
how, but I have set up static IPs for all my machines, and I use the server
itself as one of my DNS entries.

On this particular machine, the DNS IPs keep going back to an earlier
address, and each time I correct it (as admin) and put the server DNS and
save, after a day or so, sometimes a week, it reverts back to the old DNS
numbers.

Is there a reason why this is happening on this particular machine? I know
that at one time, a virus was found and eradicated, but doubtful that it
would cause the DNS change on that machine.

Anyone with ideas is most welcome. Right now all I can do is reset the
correct DNS IP (server IP) each time I find out that it has reverted to the
old settings.

Thanks in advance.

Chris

This is not normal behaviour.

Since you mentioned that the machine has had a virus in the past, I'd be
inclined to suspect some malware is still present.

What IP address is the DNS server reverting to?
Is it an address you recognise as either yours, or your ISP's DNS?
If it's neither, it is possible the machine is subject to a DNS hijack, and
DNS queries are being sent to a malicious server which then re-directs
legitimate website requests to malicious sites.

I'd do another virus scan, and a spyware scan. Tools like HijackThis will
produce extensive logs that require fairly expert interpretation. There
are several good forums where people can advise on the log you get.
 
Actually, originally, the DNS server IPs used in the machine were the ones
given by the ISP and which the router uses, and the machines have a static
internal IP. We recently changed and restructured the business and now have
a standalone server, instead of 2 servers in 2 locations. The server which
originally had Exchange was the remote server (connected via VPN). When we
restructured, the standalone server was renamed and Exchange was added with
the new domain. At this time, all computers were updated with the DNS of the
internal server (IP); however, this machine is the only one which reverts to
the original DNS IPs which the ISP gave us.

I've checked with Norton 2006, Ad-Aware and Spybot and nothing seems to show
in terms of spyware or malware. Everything seems to have been eradicated.

Any other ideas?

I'd like to get this machine back to normal behaviour :)

Thanks

Chris
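
Added example, not part of any post in this thread: one way to check the question raised above (is the resolver the machine reverted to the internal server, the ISP's, or neither) is to parse saved `ipconfig /all` output and label every configured DNS server. The sample output, all addresses and the `INTERNAL` / `ISP` sets are constructed for illustration, and the parser assumes the English-language `ipconfig` layout.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; every address is a made-up sample value.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            203.0.113.99
        NetBIOS over Tcpip. . . . . . . . : Enabled
"""
INTERNAL = {ipaddress.ip_address("192.168.1.10")}   # assumed office server
ISP = {ipaddress.ip_address("198.51.100.53")}       # assumed ISP resolver

def dns_servers(text):
    """Return {adapter: [resolver, ...]} parsed from `ipconfig /all` text."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        line = line.rstrip()
        if line and not line[0].isspace() and line.endswith(":"):
            adapter, in_dns = line[:-1], False       # unindented adapter header
            found[adapter] = []
        elif adapter and (m := re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)):
            found[adapter].append(m.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            found[adapter].append(line.strip())      # continuation line: bare address
        else:
            in_dns = False
    return found

def audit(text, internal, isp):
    """List (adapter, resolver, label) for each resolver that is not the internal server."""
    findings = []
    for adapter, servers in dns_servers(text).items():
        for s in servers:
            ip = ipaddress.ip_address(s.split("%")[0])   # drop any IPv6 zone id
            label = "internal" if ip in internal else "isp" if ip in isp else "unknown"
            if label != "internal":
                findings.append((adapter, s, label))
    return findings

if __name__ == "__main__":
    for adapter, server, label in audit(SAMPLE, INTERNAL, ISP):
        print(f"{adapter}: {server} -> {label}")
```

An "isp" result matches the stale-but-known case described in the last post; an "unknown" result is the case the reply says to treat as a possible DNS hijack.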
 
