Some of my lab server 2012 r2 machines have two domains listed in ipconfig

Hi

Sorry for the slightly odd title, I'm not sure how it should be labelled!

So, I had a massive problem with AD in my lab which basically forced me to hose the entire domain and start again. This has worked for most of the machines, except a few which I didn't delete and instead have now re-attached to the new domain. As a result, I am having DNS issues on those servers and my work laptop.

For some reason, if I do ipconfig /all it shows that I have two domains active, one called Lan and the other is the proper one. If I do nslookup on the machines that won't resolve internal DNS sites, it comes up with an IP address which does not exist on the network. How can I delete this spurious domain suffix from these machines and just have the normal domain active?


The image shows that when I type dc1 (this is a domain controller) into nslookup, it resolves correctly but the first entry is the spurious one which I cannot get rid of!

Any help in resolving this annoying issue is appreciated.

Chris
 
So, I've now done some more investigation and it appears under listed DNS servers when I do ipconfig /all. The address is a /64 of my public /56 but I cannot find any device on my network that is issuing this as a DNS server and it's happening on newly made VMs as well as existing ones.

My fritzbox is not issuing DNSv6 or DHCPv6 matters either and is relying on SLAAC for assignment currently, but I will try and set up DHCPv6 from my DHCP servers once I work out best practice for Windows Server DHCP settings using a public static /56 address.

If I do an nslookup, as before it references the unknown IPv6, before not finding the actual thing I'm looking for. If I then shift the commands using server dc1.domain.com then it will find the servers by name and resolve them.

Ultimately, this random IPv6 address is overriding my AD DNS/DHCP and means that I can only use IPs, as names do not resolve.

I really do not know where this random address is coming from. Wireshark can find requests to the address but no acknowledgement or source!

I really am quite stuck!
 
So, it appears that this random dns server is the ghost of a dead domain controller which I completely killed and properly demoted. I hosed the entire network and was rebuilding the initial bare metal domain controller when I noticed that the IP still existed... So, somewhere in my home network something is still saying that this dns server exists but nothing remains that isn't a client machine!

Something is repeating it, but I don't know what!
 
What happens if you run: ipconfig /flushdns

That should flush out any DNS records pertaining to the zombie DNS server.

Also check your IP settings to make sure you don't have the old DNS server's IP manually set in any of the config.
 
flushdns clears the issue for a wee while and then it comes back again. Strange thing is, when setting one of my IPMI enabled servers dns to automatic it picks up the old ipv4 of the dead domain controller automatically, so something on the network was transmitting it.

I've just reset the router too in case that was doing something odd, now back on the router DNS the zombie IP has gone on my laptop but my unconfigured server 2012 r2 (only active server as the esxi hosts do not have anything running) is still showing the zombie IPv6 address and the wrong DNS suffix despite only the router's DNS server running with different IPs.

The router DNS is known as fritz.box while the ipconfig /all on the server shows LAN with the zombie IPv6.

Network topology is:

Fritzbox 7390 as router
HP Procurve 2900-48 switch
3 esxi 6.0 hosts
dell r310 as baremetal AD DC & Live TV machine
Dell UPS 1920w with management card

I also have 3 Windows 10 pro clients and 3 android devices and my work laptop.

Everything connects through the HP switch unless it's wireless, in which case they go through the router.

Does the HP have any hidden settings that could be rebinding the former DNS addresses?
 
flushdns clears the issue for a wee while and then it comes back again. Strange thing is, when setting one of my IPMI enabled servers dns to automatic it picks up the old ipv4 of the dead domain controller automatically, so something on the network was transmitting it.

Do you have DNS set in DHCP?
 
No, only the dhcp server on the router is active now and that is pointing to its own dns server. There are no other active servers on the network now as they all got deleted or formatted.
 
Right so this is seriously frustrating. I've rebooted the HP switch and cleared the arp cache, reset the router yet again and set it so it's not acting as a dhcpv6 server only dnsv6, it's also acting as DHCPv4/DNSv6.

All virtual machines are shut down, only my laptop and the dell r310 running a basic install of server 2012 r2 are running (along with the UPS but if I shut that down I lose power to the R310!).

The stupid random IPv6 address is still present but no amount of /flushdns /registerdns /release or /renew on the clients will get rid of the ipv6 spurious address.

I have no idea what else is repeating this address across my network, could it be the switch? Would a factory reset of the switch solve it? Can the switch actually repeat? I couldn't find any DNS settings in the console.

Help!
 
I have to ask, but why use IPv6 on a private network?

As it sounds like they are all VMs, have you considered just deleting the nic and adding another. It won't identify the issue, but if it is only causing issues on servers that weren't removed from the domain, it's probably worth trying.
 
Generally because I have a /56 static public IP that I use for hosting things for convenience and with a single static IPv4, IPv6 is better; also IPv6 is the future so better get everything set up now.

I don't use DHCPv6, I just let my DNSv6 register the connections with a reverse pointer based on my public /56 and allow the machines to autoconfigure.

Anywho, turned out it was a random Mikrotik internet probe that was causing trouble, removed it from the network and it started to work fine and everything resolves correctly. Have now logged this with the owners of the probe to fix.
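
An added example, not part of the thread: one way to spot the symptom described above across several machines is to parse saved `ipconfig /all` output and flag any DNS server or connection-specific suffix that is not on an allowlist. The sample output, the documentation-range addresses, the `corp.example` suffix and the function names are all constructed for illustration.

```python
import ipaddress
import re
# Constructed sample of `ipconfig /all` output (documentation address ranges).
SAMPLE = """\
Windows IP Configuration

   Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : Lan
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 2001:db8:0:aa::53
                                       192.0.2.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Field name, dotted leader, colon, value. Continuation lines have no leader.
KEY_LINE = re.compile(r"^\s+(\S.*?)\s*(?:\. )+:\s?(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}}, folding continuation lines into the field above."""
    sections, section, key = {}, None, None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line[0].isspace():                       # unindented = section header
            section = sections.setdefault(line.rstrip(": "), {})
            key = None
            continue
        m = KEY_LINE.match(line)
        if m and section is not None:
            key, value = m.group(1), m.group(2).strip()
            section[key] = [value] if value else []
        elif key is not None:                           # extra DNS server, suffix, etc.
            section[key].append(line.strip())
    return sections

def audit(text, allowed_dns, allowed_suffixes):
    """List (adapter, kind, value) for each DNS server or suffix not on the allowlists."""
    allowed = {ipaddress.ip_address(a) for a in allowed_dns}
    suffixes = {s.lower() for s in allowed_suffixes}
    findings = []
    for name, fields in parse_ipconfig(text).items():
        for value in fields.get("DNS Servers", []):
            addr = ipaddress.ip_address(value.split("%")[0])   # drop any %scope id
            if addr not in allowed:
                findings.append((name, "dns-server", str(addr)))
        for value in fields.get("Connection-specific DNS Suffix", []):
            if value.lower() not in suffixes:
                findings.append((name, "dns-suffix", value))
    return findings
```

Running `audit` over output collected from each host shows which adapters picked up the unexpected server or suffix, which narrows down the network segment where something is still advertising it.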
 