DNS changed in domain but not coming for Domain Controller

Hello good people,

I am having a strange problem that most of my company PCs had their IP changed to 8.8.8.8 and 8.8.4.4.
I have looked on the Domain Controller and it has our DNS server only, and I cannot see Google DNS being used anywhere on the server.

Can anyone tell me where to look?

All of the PCs in the domain are on DHCP.
This also causes people to have trouble printing, as the print server is on the correct DNS.

Thanks
 
We have 2 DC servers. Please excuse my lack of knowledge, I am just 1st/2nd line.

I am in DHCP>dc1.nameofthecomapnay.com>ipv4>Scope and there is Address pool, Address leases, Reservations, Scope options, Policies...

Scope options have the correct servers set....
 
How many PCs have you got?
If DHCP is configured with the correct DNS, then I can only imagine it has been changed manually on the machines or via a script.

Do users have rights on the machines to make this sort of change? You may have an enthusiastic amateur who has made the changes 'to make the internet go faster'...

The other alternative, I guess, would be a domain admin setting up a login script or GPO with these changes - but you'd hope someone with that level of rights would have more sense than that.

+- 80 PCs. Changing DNS can only be done with admin credentials. I am suspecting a malware/virus, but why would a virus point to Google DNS and not some infected one?

Our server admin dumped this on me saying there is nothing on the server and it's the users' computers that are screwed....

You wouldn't want your client PCs to point to Google DNS.

Your client machines should point to your DCs for DNS, and in turn your DNS server running on the DC should have either Google or your ISP DNS as a forwarder.

The DCs should have their DNS set to their own IP with the other DC as secondary.

If you have Google set for your client PCs they will not be able to resolve internal domain resources correctly.

I know that I want Google DNS, that's the whole point of this thread mate. Something somehow changed the DNS on the machines and I am trying to find out how/why/when and how to resolve it with ideally 2 clicks and apply to the whole company.

Is it possible that it's in GPO?
 
Probably best to do an RSOP.msc on a client to determine what settings are applied from where. Or do some GP modelling.

Thank you,
These are somewhat advanced terms for me, I will google how to use these bits.

If anyone has any other ideas please shoot.
 
Thanks guys for all the ideas, I will look at each of them... hopefully I get to the bottom of this. It was also suggested to me to run Wireshark on the machine and to /release /renew to see where the IP is coming from.
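
The checks suggested in this thread (DHCP scope options, a manual or scripted change, a GPO) can be told apart on one affected client by reading where each adapter's DNS value is stored. The script below is an added example, not something posted by anyone in the thread; it assumes Windows 8 / Server 2012 or later (for `Get-NetAdapter` and `Get-DnsClientServerAddress`) and an elevated PowerShell session.

```powershell
# Added example: report where each active adapter's DNS servers come from.
$unexpected = '8.8.8.8', '8.8.4.4'   # the resolvers reported in this thread
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'

# The GPO setting "DNS servers" (Administrative Templates > Network > DNS Client)
# is stored here and takes precedence over static and DHCP-supplied values.
$policyDns = (Get-ItemProperty -LiteralPath $polKey -Name NameServer `
    -ErrorAction SilentlyContinue).NameServer

Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    $key = Join-Path $ifRoot $_.InterfaceGuid
    $reg = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue

    $static = $reg.NameServer       # set locally: adapter properties, netsh, script
    $dhcp   = $reg.DhcpNameServer   # received in the DHCP lease (option 6)
    $active = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
        -AddressFamily IPv4).ServerAddresses

    # Precedence: policy, then static, then DHCP.
    $source = if ($policyDns) { 'Group Policy' }
        elseif ($static)      { 'Static (set on the machine)' }
        elseif ($dhcp)        { 'DHCP lease' }
        else                  { 'None found' }

    [pscustomobject]@{
        Adapter     = $_.Name
        ActiveDns   = $active -join ', '
        Source      = $source
        StaticValue = $static
        DhcpValue   = $dhcp
        DhcpServer  = $reg.DhcpServer   # which server issued the lease
        PolicyValue = $policyDns
        Unexpected  = [bool]($active | Where-Object { $_ -in $unexpected })
    }
} | Format-List
```

If `Source` is a DHCP lease, compare `DhcpServer` with the address of the real DHCP server (dc1 in this thread); a different address means another device on the network is answering DHCP requests. If it is static, the value was written on the machine itself, and if it is Group Policy, RSOP.msc will name the GPO.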
 