waynebike
join:2002-07-29
Naperville, IL
| ALL DNS Entries resolve to 127.0.0.1Hi All,
I've been struggling with a very strange issue here lately. I support a few hundred PC's which are configured with folder redirection for my docs, favorites and desktop items. I then use offline files to allow laptop uses to sync these directories so that they have access to them while they are at home.
This has worked perfectly fine since its introduction nearly 2 years ago. As of Tuesday of this week, I've had almost every one of my users get prompted for a password after logging in, but ONLY when they are outside of my office. This dialogue box is prompting them for a password to my file server, lets call it fileserver1.contoso.com. No combination of their current username/password provides successful authentication as it complains that no DC is currently available.
In doing a bit of troubleshooting on their machine, here is what i've found:
1.) NO changes have been made recently to any of our configs/network.
2.) No entries in the hosts file accept for 127.0.0.1 for localhost
3.) I'm able to ping anything and it resolves to 127.0.0.1 as long as I don't specify a domain (ex. .com). Example: ping fhfhdfyduaifydufayduia resolves to 127.0.0.1.
4.) All Virus defs are up to date (mcAfee 8.5i Patch 8), also uninstalled mcafee to see if that was causing the issue.
5.) I tried adding the IP to my file server to the hosts file in order to see if that could resolve my issue (hoping that it would find the server is offline and then stay offline) and it was still able to resolve! tracert showed the following:
It's worth noting that there is no VPN or any kind of connection back to our office when working remotely. I'm at a complete and total loss on this one, any ideas are appreciated. Thanks! | |
|
 efflandt
join:2002-01-25
Elgin, IL
 ·AT&T Midwest
| Re: ALL DNS Entries resolve to 127.0.0.1 When they are on the road, does ipconfig /all in a command window show a DNS Suffix
And in a command window does nslookup gobblygook resolve to 127.0.0.1? Maybe their ISP sets their own domain as default DNS suffix and uses a wildcard entry to resolve any unknown name in that default domain to self.
Or are there any manual settings for DNS Suffix in the Advanced tab of TCP/IP properties for whatever interface they are using for their on the road internet connection or in general? | |
|
Bink
join:2006-05-14
Denver, CO
·Qwest.net
1 edit | From your tracert it would appear they might be using a Comcast DNS server—and Comcast is improperly routing traffic to private address space out their network. It also appears Comcast’s DNS servers, for whatever reason, are using a loopback address in response to some types of DNS requests. It might also be the case where Comcast is using private address space that is similar to what you use on their internal network. | |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| What is 10.2.11.2? Is that the IP of your server at work? If so, most cable companies use the 10.x.x.x network for devices, so what it looks like it happening is that you are running a trace route to a piece of Comcast equipment, not to your server.
What has me MORE puzzled, is why in the hell is your WRT router passing a 10.x.x.x address out the WAN port. Your Linksys should drop those packets as private address space shouldn't be routed onto the public internet. | |
|
 | |
| |
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| Re: ALL DNS Entries resolve to 127.0.0.1 said by tschmidt  :said by Matt :Your Linksys should drop those packets as private address space shouldn't be routed onto the public internet. The only addresses router will not forward is the local address segment used by the LAN. It has no way of knowing what addresses are being used external to itself. Dood, Tom, you're right. I just tested performing a trace route to 10.0.0.1 and sure enough, my router tried to send it out onto North State's (my ISP's) network. I was under the assumption that a home router would be intelligent enough to know about the private address space and not pass it LAN to WAN. | |
|
efflandt
join:2002-01-25
Elgin, IL
·AT&T Midwest
| Some ISP's do use private IP's as gateways, since outbound and inbound routes can differ (out/in routes differ on my DSL even though all IP's involved are public). And some foreign ISP do not even give their users public IP's (they NAT their customers). So if someone assumed that traffic to "any" private IP should not go out the WAN, they might break something. | |
|
waynebike
join:2002-07-29
Naperville, IL
| Thanks to all who have replied. I'm actually working with Microsoft on this now. I've managed to stump two seperate teams thus far (AD & Networking). Both have had access to the systems and are completely unsure so for as to how this could be happening. If/when we get this resolved, I'll post the solution here. For now, I'll let them have a stab at it. | |
|
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| Re: ALL DNS Entries resolve to 127.0.0.1 said by waynebike :Thanks to all who have replied. I'm actually working with Microsoft on this now. I've managed to stump two seperate teams thus far (AD & Networking). Both have had access to the systems and are completely unsure so for as to how this could be happening. If/when we get this resolved, I'll post the solution here. For now, I'll let them have a stab at it. Many moons ago I interviewed with the Microsoft Networking Team. If you're working at the level I would have been, those are some smart guys. You're in good hands. | |
|
|
|
|
·