
Have a rogue DHCP server handing out an incorrect DNS entry

On the network, I have switched over the voice switches to the data network as of yesterday morning. When I did this, it would appear that there is a rogue DHCP server on the network.

The DNS address on the client systems is changing from the current DHCP/DNS server 192.168.1.210 over to 192.168.1.1 which is my Fortigate Firewall.

This happened after I plugged phones into the data LAN yesterday. Every 15-20 minutes this morning I have had to go back and release and renew on the client systems to get them to where they are not looking at 192.168.1.1 (Fortigate) to 192.168.1.210. If I release and renew, it comes up correctly most times. Sometimes though it doesn't release 192.168.1.1 right away.

Rebooting doesn't work. I have rebooted the firewall and switches. It appears to have started after connecting the voice network to the data network.

Currently we have unplugged all Comcast voice services and we have plugged in the Polycom 401s and 600s. When I did a capture, from this YouTube video, I only see the one DHCP server on the network. https://www.youtube.com/watch?v=uyvEa...

Any ideas on what could be handing out 192.168.1.1 DNS server IP to the workstations DHCP-wise to client systems? I try to capture the packets on the network to show me if there are DHCP offers coming from multiple IPs but I just see the one server which is my Domain Controller / DHCP server all in one.

Is there a way for me to find the source of the 192.168.1.1 DNS server hand out?

StealthTCF
asked 2019-06-24 17:49:03 +0000

Comments

Just a few questions to better understand: What happens if you introduce a new client, a new machine on the network? Are you able to ping both DHCP/DNS servers? Are you able to take a packet capture at boot time on the new machine connected to the network?

xinxolHH (2019-06-25 06:48:17 +0000)

1 Answer


> I try to capture the packets on the network to show me if there are DHCP offers coming from multiple IPs but I just see the one server which is my Domain Controller / DHCP server all in one.

How are you making this capture? The DHCP response with the wrong DNS server might be sent with a unicast packet, which means it will not be visible unless your capture point is in the path of the rogue DHCP server and the client that does the DHCP request. I would suggest using a TAP or SPAN port to one system and boot that system to see where the DHCP packets are coming from.

SYN-bit
answered 2019-06-26 10:19:08 +0000
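
One way to work through a capture taken at the TAP or SPAN port suggested above, as an added example that is not part of the original answer: it parses raw DHCP payloads, reads the DNS servers (option 6) and server identifier (option 54), and reports which sender handed out a DNS list other than the expected one. The function names, MAC addresses, client addresses and the 192.168.1.254 server identifier are constructed assumptions; 192.168.1.210 and 192.168.1.1 are the addresses from the question.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie after the 236-byte BOOTP header
EXPECTED_DNS = ["192.168.1.210"]   # DNS server the legitimate scope hands out (from the question)

def parse_dhcp(payload):
    """Parse a raw UDP 67/68 payload; return op, yiaddr and options, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": payload[0], "yiaddr": socket.inet_ntoa(payload[16:20]), "opts": opts}

def ips(raw):
    """Split an option value into dotted-quad strings, 4 bytes each."""
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def suspicious_replies(frames):
    """frames: (source MAC, DHCP payload) pairs. Return OFFER/ACK replies with unexpected DNS."""
    hits = []
    for src_mac, payload in frames:
        msg = parse_dhcp(payload)
        if msg is None or msg["op"] != 2:               # 2 = BOOTREPLY, server to client
            continue
        mtype = (msg["opts"].get(53) or b"\x00")[0]     # 2 = OFFER, 5 = ACK
        dns = ips(msg["opts"].get(6, b""))
        if mtype in (2, 5) and dns != EXPECTED_DNS:
            hits.append({"src_mac": src_mac, "server_id": ips(msg["opts"].get(54, b"")),
                         "dns": dns, "client_ip": msg["yiaddr"]})
    return hits

def build_reply(mtype, yiaddr, server_id, dns):
    """Build a minimal DHCP reply payload (constructed sample data, not a real capture)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(4)
    hdr += socket.inet_aton(yiaddr) + bytes(8 + 16 + 64 + 128)  # siaddr, giaddr, chaddr, sname, file
    opts = bytes([53, 1, mtype, 54, 4]) + socket.inet_aton(server_id)
    return hdr + MAGIC + opts + bytes([6, 4]) + socket.inet_aton(dns) + b"\xff"

# Constructed sample: a reply from the real server and one from a second, unknown device.
SAMPLE = [("00:11:22:33:44:55", build_reply(5, "192.168.1.50", "192.168.1.210", "192.168.1.210")),
          ("66:77:88:99:aa:bb", build_reply(5, "192.168.1.51", "192.168.1.254", "192.168.1.1"))]

print(suspicious_replies(SAMPLE))
```

The source MAC of a flagged reply is the value to look up in the switch's MAC address table to find the port the sending device is plugged into.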
