Ask Your Question

Revision history [back]

Have a rogue DHCP server handing out an incorrect DNS entry

On the network, I have switched over the voice switches to the data network as of yesterday morning. When I did this, it would appear that there is a rogue DHCP server on the network.

The DNS address on the client systems is changing from the current DHCP/DNS server over to which is my Fortigate Firewall.

This happened after I plugged phones into the data LAN yesterday. Every 15-20 minutes this morning I have had to go back and release and renew on the client systems to get them to where they are not looking at (Fortigate) to If I release and renew, it comes up correctly most times. Sometimes though it doesn't release right away.

Rebooting doesn't work. I have rebooted the firewall and switches. It appears to have started after connecting the voice network to the data network.

Currently we have unplugged all Comcast voice services and we have plugged in the Polycom 401's and 600's. When I did a capture, from this you tube video, I only see the one DHCP server on the network.

Any ideas on what could be handing out DNS server IP to the workstations DHCP wise to client systems? I try to capture the packets on the network to show me if there are DHCP offer's coming from multiple IP's but I just see the one server which is my Domain Controller / DHCP server all in one.

Is there a way for me to find the source of the DNS server hand out?