none
(Very) Old IP address provided in resolution.. RRS feed

  • Question

  • OK - here is an odd one...

    A year and 4 months ago, our corporate internet domain was physically moved, and as a result received a whole new IP range for all services, including public facing sites.  At the same time, our primary DNS was moved to an outside provider, with all the appropriate changes made at the registrar to define the authoritative nameservers accordingly.

    Immediately after the change, we saw the expected result of a few sites not being able to connect correctly, since cached data was invalid and was pointing to the old addresses - no biggie, give it a few days to clear out, and things should be working just fine.

    Everything did start to work normally - except for a few clients.  We *still* have a few sites where their in-house DNS servers (all MS based) will randomly pop up with the OLD IP address for the site as opposed to the new one.  In fact, I have seen the same thing occur on a new installation of a MS server, which did not exist prior to the move - completely randomly it is able to find the old address *somewhere* and will start to provide that address to clients.  Nothing that I have in-house has the old address defined anywhere...

    I'm at a loss as to where the old address may come from, and would appreciate any pointers.

    The address in question is 'www.godataflow.com' and the old address that comes up occasionally is 64.132.211.195...

    Thanks in advance!

    Kris

    Wednesday, April 13, 2016 8:29 PM

Answers

  • Hi Kris,

    >>I'm at a loss as to where the old address may come from, and would appreciate any pointers.

    1.You could enable 'Debug logging' on the DNS server.Check out who or what update the old IP address.

    2.Or you could perform a network captuer on problem client.Determine who sended update request.
    Here is the link of Windows network monitor:
    https://www.microsoft.com/en-us/download/details.aspx?id=4865

      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 14, 2016 6:12 AM

All replies

  • Hi Kris,

    >>I'm at a loss as to where the old address may come from, and would appreciate any pointers.

    1.You could enable 'Debug logging' on the DNS server.Check out who or what update the old IP address.

    2.Or you could perform a network captuer on problem client.Determine who sended update request.
    Here is the link of Windows network monitor:
    https://www.microsoft.com/en-us/download/details.aspx?id=4865

      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 14, 2016 6:12 AM
  • Thanks - I'll try the debug logging; doing a network capture would not necessarily prove useful, since it will have to run for quite a long while to see if and when it occurs the next time...  Unfortunately, the timing is entirely unpredictable, and can sometimes go for months between occurrences, while at other times it seems only a few days have gone by between times where the wrong information is available...

    Kris

    Thursday, April 14, 2016 3:03 PM