Windows XP receives wrong DNS value via DHCP

[Guest]

Hi Folks,

I am having a problem with a couple of clients not receiving the correct DNS
Servers.

We exist in our own domain but on a WAN that has it's own domain configured.

The Clients get their IP settings via DHCP. However when I do a fresh start
of the workstation (ie on logon) the DNS servers IP's are not what is set via
DHCP but rather the DNS servers of the bigger group. In addition the
Connection-specific DNS suffix is incorrect.

To correct the problem I do the standard ipconfig /renew and it then receive
the correct information. Manually configuration of the suffix does not help.
If the workstation is left on overnight then one finds that the settings
have reverted to the incorrect ones.

Systems are XP one running SP2. The problem first occured when running an
update from Windowsupdate (prior to loading SP2 on the one workstation) but
due to the fact that a number of patches were loaded at the same time (22) we
are not sure which has patch may have caused it.

Thoughts and comments would be greatly appreciated.

 

[Lanwench [MVP - Exchange]]

Hi Folks,

I am having a problem with a couple of clients not receiving the
correct DNS Servers.

We exist in our own domain but on a WAN that has it's own domain
configured.

The Clients get their IP settings via DHCP. However when I do a
fresh start of the workstation (ie on logon) the DNS servers IP's are
not what is set via DHCP but rather the DNS servers of the bigger
group. In addition the Connection-specific DNS suffix is incorrect.

To correct the problem I do the standard ipconfig /renew and it then
receive the correct information. Manually configuration of the
suffix does not help. If the workstation is left on overnight then
one finds that the settings have reverted to the incorrect ones.

Systems are XP one running SP2. The problem first occured when
running an update from Windowsupdate (prior to loading SP2 on the one
workstation) but due to the fact that a number of patches were loaded
at the same time (22) we are not sure which has patch may have caused
it.

Thoughts and comments would be greatly appreciated.

Sounds like you need to segregate your network from the other one with a
router.

 

[Guest]

Sounds like you need to segregate your network from the other one with a
router.

We are and I do have an idea that the workstation is getting the goods from
the router before the DHCP but my problem is that it is only two machines and
in both cases it was after patching from windows update. I am most likley
going to look at uninstalling the hotfixes one by one until I find the
problem child. I am just a tad worried if this happens more consistantly and
am therefore trying to ascertain exactly where the bug lays. Have looked at
both the tcpip.sys and dnsrslvr.dll to see if that may be the problem but I
have another 2 clients running XP SP2 with the same versions as the problem
workstations which are not having any problems at all. It's all a bit of a
guessing game at the moment on our side but searches on the web (while not
exact) does seem to indicate some sort of snag somewhere along the line.

 

[Lanwench [MVP - Exchange]]

We are and I do have an idea that the workstation is getting the
goods from the router before the DHCP

I'm not sure what that means. What I was getting at is that if you're
sharing the physical network with another domain, you need to make sure
you're totally isolated from it & your computers can't possibly ask the
other DHCP server for an IP address - that's a broadcast that shouldn't be
passed through the router separating the networks unless the router was
configured to allow this for some reason. VLANs may be another
option.....what's your network setup?

 

[Guest]

I'm not sure what that means. What I was getting at is that if you're
sharing the physical network with another domain, you need to make sure
you're totally isolated from it & your computers can't possibly ask the
other DHCP server for an IP address - that's a broadcast that shouldn't be
passed through the router separating the networks unless the router was
configured to allow this for some reason. VLANs may be another
option.....what's your network setup?

We run our own LAN which exists as part of a greater WAN. As hinted at it
may be the router. Part of the problem is that the group is in the process
of moving to AD (currently not there) and as such the router should have
things open. My frustration is still that only 2 workstations are (at this
time) affected which lends me to believe it may be client related to some
degree.

 

[Lanwench [MVP - Exchange]]

We run our own LAN which exists as part of a greater WAN. As hinted
at it may be the router. Part of the problem is that the group is in
the process of moving to AD (currently not there) and as such the
router should have things open.

Not sure what that means.

My frustration is still that only 2
workstations are (at this time) affected which lends me to believe it
may be client related to some degree.

Sounds more like a timing issue. Whichever DHCP server answers first, wins.
That's the way it works. You don't want this other DHCP server available to
these clients - you need to separate it so it doesn't.

 

[Guest]

Not sure what that means.


Sounds more like a timing issue. Whichever DHCP server answers first, wins.
That's the way it works. You don't want this other DHCP server available to
these clients - you need to separate it so it doesn't.

I also thought so but the thing that stumps me is that it is only two
machines that are experiencing this problem. and the only common demonitor
between the two is that fixes (22 in all) were loaded on them from Windows
Update which were not run on the other machines. I'm trying to isolate what
fix this was but it's a painful and slow process. Any other ideas perhaps ?

 

[GordL]

This is a very long shot and thrown out only as thinking out of the box.

If one of your DHCP servers is responding to Boot-P packets and both are
responding to proper DHCP requests then I suspect that Boot-P packets may be
being submitted by the two clients that end up improperly configured by the
responding DHCP server. I am operating far outside of my own knowledge
here, but well within my experience. OK.

As you may be aware Microsoft's early implementation of DHCP causes
broadcasts on a full class A address range and in the case of a dual ported
machine will offer DHCP services on both subnets. I do not know if
Microsoft has fixed this in W2k or WXP but this may be something else that
you need to dig into.

A very long shot indeed.

Best regards
GordL

 

[Guest]

This is a very long shot and thrown out only as thinking out of the box.

If one of your DHCP servers is responding to Boot-P packets and both are
responding to proper DHCP requests then I suspect that Boot-P packets may be
being submitted by the two clients that end up improperly configured by the
responding DHCP server. I am operating far outside of my own knowledge
here, but well within my experience. OK.

As you may be aware Microsoft's early implementation of DHCP causes
broadcasts on a full class A address range and in the case of a dual ported
machine will offer DHCP services on both subnets. I do not know if
Microsoft has fixed this in W2k or WXP but this may be something else that
you need to dig into.

A very long shot indeed.

Best regards
GordL

Thanks for that.
Doesn't appear to be the case but am still monitoring.
In addition I have found that somwhere along the line (haven't pinpointed
the timeframe yet but it's at least a couple of times a day) the system makes
resets the DNS servers to the wrong ones and one then has to renew to get the
correct ones.
All remains very strange to me.

 

[Lanwench [MVP - Exchange]]

Thanks for that.
Doesn't appear to be the case but am still monitoring.
In addition I have found that somwhere along the line (haven't
pinpointed the timeframe yet but it's at least a couple of times a
day) the system makes resets the DNS servers to the wrong ones and
one then has to renew to get the correct ones.

Are they the DNS servers from the other DHCP server?

All remains very strange to me.

If I'm correct in my prior assumption, it sounds normal to me, because as I
said, the first DHCP server that answers the workstation's broadcast request
for an address will answer. And the PC will always try to contact the last
DHCP server that answered to get the same address first. You need to
segregate your network. That's the only answer.

 

[Guest]

Are they the DNS servers from the other DHCP server?


If I'm correct in my prior assumption, it sounds normal to me, because as I
said, the first DHCP server that answers the workstation's broadcast request
for an address will answer. And the PC will always try to contact the last
DHCP server that answered to get the same address first. You need to
segregate your network. That's the only answer.

Fair comment and we are looking to run some network tests this week.
The question still remains why only two workstations are having this problem
? Why these workstations never had the problem before updating from Windows
Update ? Why SP2 doesn't correct this ? And on and on - Should one really
have to amend the network design because of a hotfix - surely not.

 

[Lanwench [MVP - Exchange]]

Fair comment and we are looking to run some network tests this week.
The question still remains why only two workstations are having this
problem ? Why these workstations never had the problem before
updating from Windows Update ?

Can't say. Like I said, the computer will always try to get the IP address
it had for the last lease.

Why SP2 doesn't correct this ?

Because it's not a problem - it's how DHCP works. First one to answer the
plea by the workstation is the one that issues the address.

And on
and on - Should one really have to amend the network design because
of a hotfix - surely not.

No, but one should have one's network set up properly to begin with. ;-)

 

[Guest]

Can't say. Like I said, the computer will always try to get the IP address
it had for the last lease.


Because it's not a problem - it's how DHCP works. First one to answer the
plea by the workstation is the one that issues the address.


No, but one should have one's network set up properly to begin with. ;-)

Thing is I get the correct IP address, the correct WINS settings the correct
DHCP server indicated - it is only the DNS servers that are incorrect unless
IPCONFIG is reporting incorrectly. Our DHCP server appears to be configured
correctly.
Will be running network test a little later.