cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Interesting Behavior with DNS Server - any ideas ??

Hi Everyone, I find myself in an interesting investigation .. our internal DNS team have identified that one of my Beacons is making DNS lookups against our "old" DNS server which is NOT configured in my DNS configuration in the Windows server OS TCPIP settings. I have verified and re verified that this "old" DNS server is not configured within Windows, in addition to flushing the cache etc.

What I tripped upon yesterday was that these DNS lookups are occurring at the exact same time that our Remote Execution Manager is running the 30 minute additional VCenter scans. The DNS lookup is always using the same VCenter IP address, as I have configured only the IP's in the Targets. Funny thing is that I have 4 VCenters in this particular Target but only this IP addressed is used for the lookup.

The million dollar question is .. where is the Beacon / Remote Execution Manager picking up this "old' DNS Server name from. As I identified earlier, it is NOT part of the list of DNS Servers in the TCPIP settings.

I am leading towards the idea that perhaps someone has entered or updated either a Registry or ini / config file on the Beacon which is being used, which could be possible since this was our first of five Beacons configured when we first introduced the tool and I know there was a fair bit of "McGyvering" going on to get things working in a pinch.

Is anyone aware of any registry or config/ini settings on the Beacon or FNMS User Interface that would include a DNS setting.

 

Thx in Advance

Bruce

 

 

 

(1) Solution

Hi Everyone,  I just wanted to share what I had found that is more than likely the culprit in the Beacon using  what I  had referred to as the "old" DNS  Server names.

Even though from the Windows TCPIP GUI perspective ,only the proper DNS server names were identified I wanted to find the Registry key that translates that GUI information into the Registry.

So I found the key at the following path which relates to the interfaces and their associated information. Turns out that server had an additional key that represented a DHCP setup which was obviously used at some point but was replaced with the Static IP scenario. For whatever reason (Microsofts Magic) that old registry key setting for DHCP was still there and contained the 2 "older" DNS Server names.

HKeyLocalMachine\system\currentcontrolset\services\tcpip\parameters\interface

We have removed that specific DHCP registry key which will more than likely resolve our problem. I wasn't sure if within the specific Beacon configurations there was something that identified DNS servers or not, everything I had read indicated No, but you never know sometimes.

 

Bruce

View solution in original post

(3) Replies

Forgot to mention that these are Reverse DNS lookups which are being performed since I have only identified the VCenter IP address in the Target. It's quite possible that our "new" DNS servers are not capable of performing these Reverse lookups and are re routed to the older infrastructure .. I am following up on that possibility, not sure if that is even possible  but worth asking.

As a troubleshooting step, you could try executing "nslookup" on the IP address in question to see what DNS server nslookup uses when doing the reverse lookup.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Hi Everyone,  I just wanted to share what I had found that is more than likely the culprit in the Beacon using  what I  had referred to as the "old" DNS  Server names.

Even though from the Windows TCPIP GUI perspective ,only the proper DNS server names were identified I wanted to find the Registry key that translates that GUI information into the Registry.

So I found the key at the following path which relates to the interfaces and their associated information. Turns out that server had an additional key that represented a DHCP setup which was obviously used at some point but was replaced with the Static IP scenario. For whatever reason (Microsofts Magic) that old registry key setting for DHCP was still there and contained the 2 "older" DNS Server names.

HKeyLocalMachine\system\currentcontrolset\services\tcpip\parameters\interface

We have removed that specific DHCP registry key which will more than likely resolve our problem. I wasn't sure if within the specific Beacon configurations there was something that identified DNS servers or not, everything I had read indicated No, but you never know sometimes.

 

Bruce