Slow domain login; server pings to outside address; what happened?

2

I (a non-admin) have been asked to fix a network that has slow domain logins and poor performance on several other network related functions.

I discovered the following:

  • All workstations are set up to automatically determine the DNS server.
  • All workstations are receiving the address of the network's broadband router as the DNS server.
  • When pinging the server from a workstation by name (ping FREDSERVER) the workstation receives an outside IP address starting with 208. not the correct internal address starting with 172.

When I place an entry into the hosts file for FREDSERVER all or most of the performance issues disappear.

My question (in several parts) is:

  1. What happened to cause this address to resolve outside the local network?
  2. Is this an indication that the network may have been hacked?
  3. What is the correct DNS setup on this small network (I assume the workstations should be set to use the one-and-only server for DNS, and that server should be pointed to either the router or Comcast's DNS server (Comcast is the ISP)?

Larry Lustig

Posted 2011-06-27T14:06:31.267

Reputation: 143

Answers

1

I am going to assume you are on a Microsoft domain: If so, the problem is that the DNS must be pointed to an internal Microsoft DNS server (you are not resolving internally). Set up Microsoft DNS, in the properties, set the forwarders to your ISP's DNS, and then set your DHCP to give out the new DNS server. Then do and ipconfig /renew to get the clients the proper DNS server.

KCotreau

Posted 2011-06-27T14:06:31.267

Reputation: 24 985

Here is a link explaining how to setup forwarders, make sure on your DNS server that under its NIC properties, that there are no external IPs specified. If single DNS server in network, for the first DNS server, set it to itself: 127.0.0.1. If you have another DNS server within your local LAN, then set DNS server2's IP as first and then itself as second. Heres a link explaining forwarders: https://technet.microsoft.com/en-us/library/cc754941.aspx

– KPS – 2015-06-19T22:13:35.030

Thanks, I may need a little more info to understand what you're recommending (it is, indeed, a Win-2008 server with XP clients). "DNS must be pointed to an internal Microsoft DNS server" — does that mean that he workstations must be pointed to the DNS server running on the network server? Also, DHCP is being served from the router, not the server, which is why (I think) the router's DNS is getting used. – Larry Lustig – 2011-06-27T14:40:06.423