Rogue DNS settings - DHCP

[dgcm]

I've had a couple of users who couldn't access resources on the corporate network (resources and pages host elsewhere within the organisation) when I checked the IP settings on the machine they had picked up DNS settings that weren't those given out by DHCP. They'd picked up and were trying to use 208.67.222.222 and 208.67.220.220

I've ran a virus scan on the machines but it hasn't picked up anything.

Just wondered if anyone had come across this before and knew what caused it.

 

[itsp1965]

Using the DNS Stuff site you can obtain info regarding these IPs

http://private.dnsstuff.com/tools/ipall.ch?ip=208.67.222.222

http://private.dnsstuff.com/tools/ipall.ch?ip=208.67.220.220

HTH

 

[lhuegele]

Depdning on the machine, we've seen folks having this same problem that turned out their home IP settings weren't released for one reason or another. We tracked down that most users who experienced this had been working from home in the morning just fine, but they put their computers in standby and came into the office. When they cranked up their laptops, the IP never refreshed.

Good luck,

 

[Roadki11]

Maybe this pertains maybe it doesnt, worth a look though:

http://www.tek-tips.com/viewthread.cfm?qid=1514982&page=1

RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[MichealC4]

I recognize those IPs. They are for the OpenDNS service. It is a legitimate service.

http://www.opendns.com/

How they got those IP addresses is another story.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt