19

A user was having trouble connecting to the internet, some sites worked some sites did not.

I do not think it has anything to do with networking gear, but just in case.

2 firewall, Palo-Alto

4 Cisco Nexus 55XXT Switch

We did not make any network changes since last week about 10 days ago and everything ran fine.

The only thing I can see that stands out is if I ping one of the machines in question is it will resolve to a different IP than what the machine Actually has

We are getting multiple network alarms about IP conflicts 2 per hour for the last day.

This was only affecting 2 users

From one of the PC having the issue:

C:\>ipconfig | find "IPv4"
   IPv4 Address. . . . . . . . . . . : 12.43.168.248

C:\>hostname
    hostname-18

Ping from different machine.

C:\>ping hostname-18
Pinging hostname-18.domain.com [12.43.168.105] with 32 bytes

Nslookup from different machine.

C:\>nslookup 12.43.168.105
Server:  ad-server.domain.com
Address:  12.43.168.83

Name:    hostname-18.domain.com
Address:  12.43.168.105


C:\>nslookup 12.43.168.248
Server:  ad-server.domain.com
Address:  12.43.168.83

Name:    hostname-18.domain.com
Address:  12.43.168.248

C:\>nslookup hostname-18
Server:  ad-server.domain.com
Address:  12.43.168.83

Name:    hostname-18.domain.com
Address:  12.43.168.105

We found out there were two reverse DNS entries hostname-18.

How or why would this happen? What could cause this?

Anthony Fornito
  • 9,526
  • 1
  • 33
  • 122
  • 3
    The reverse lookup issue is unrelated to the forward lookup problem. – joeqwerty Dec 20 '16 at 16:52
  • 2
    Likewise, the IP conflict is related to but not likely caused by the DNS issues, it's more likely that the IP conflict is driving the DNS "issue". Do the hosts have static IP addresses or are they assigned via DHCP? – austinian Dec 23 '16 at 03:20
  • The hosts are assigned IP via DHCP – Anthony Fornito Dec 23 '16 at 03:27
  • Assuming this is Windows DNS, who is shown as the owner of the DNS records in question? (Security tab>Advanced>Owner) – I say Reinstate Monica Dec 24 '16 at 16:38
  • Have you tried to run nslookup hostname-18.domain.com command to check how many A records of hostname-18.domain.com exist? Have you manually configure DNS PTR records or A records before it occurred? Please try following link below to troubleshoot issues: **How DNS Scavenging and the DHCP Lease Duration Relate** [https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/](https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/) Best Regards John – John Li Dec 28 '16 at 02:54

2 Answers2

11

We see from your output that IP address was changed from 12.43.168.248 to 12.43.168.105. This is not a big problem if you use DHCP. But this is very uncommon behavior if you use DHCP on Windows Server - it keeps leasing info by default, so you have a big chance that your DHCP pool is over.

kay27
  • 226
  • 1
  • 4
10

I think most likely a DHCP issue. Possibly you have multiple servers/devices with DHCP role leasing IP's with same network range (Maybe a Router has DHCP role as well as Windows Server), your servers/printers don't have static IP or reservation or your DHCP server leases IP addresses for too short a time. Does the event log on DHCP server have any entries that stand out as possible cause?

mrjamesmyers
  • 296
  • 1
  • 7