0

I manage a site with around 50 Windows desktop PCs.

On the network is a single domain controller, file server and deployment server all running Windows Server 2022 (up to date).

Recently, I've noticed a number of PCs with strange FQDNs: DHCP list of clients with hedani.net FQDNs

There is no entry for that domain in DNS, however running nslookup on the DC returns: NSLookup of Hedani.net from the DC

Here is a list of things I've tried:

  • All PCs on-site have recently been rebuilt and only have Office and Sophos AV installed.
  • Antivirus has found no malware
  • Cleared DNS cache
  • Checked DNS config on both the servers and affected clients
  • Hostname is correct on the affected clients
  • Windows is up to date site-wide
  • Deleting the DHCP entry and renewing the IP of the machine does fix the strange FQDN to the networks internal address, however this is a temporary fix.
felpsey
  • 1
  • 1
  • Do the clients use any VPN oder are there multiple WLANs? Looks like some clients took a local domain and tried registering them with you (and were successful). – bjoster May 11 '22 at 10:57
  • What DNS Domain Name are you assigning the DHCP clients from your DHCP scope or server options? – joeqwerty May 11 '22 at 13:43
  • Clients do not use VPN on desktop machines (which are the ones affected), there aren't multiple WLANS. The DNS Domain Name assigned is OrgName.Internal. – felpsey May 11 '22 at 14:00

0 Answers0