
two entries for same IP in nslookup?


TimDgsr

Member
Joined
Jan 17, 2002
Location
Atlanta, GA
When I do an nslookup for an IP address in my domain, it comes up as a machine in the domain. Yet if you do it again, it brings up another computer name. Basically what happens is it just alternates back and forth on two computer names for the same IP address. I've gone into the DNS and the only entry for that machine is the correct one. The other one is a complete mystery to me. It's not a machine that I've ever heard of.

Anyone have any clue about this?

If you try a \\ip address, it brings up the correct machine.
 
What kind of network setup do you have?
Router/firewall? DHCP, DNS servers? Any kind of hardware firewall solutions running for internet access? Any kind of odd DNS server settings for clients? Hosts files? Check on local machine and server. Make sure there isn't another DNS server out there. If there is, try setting nslookup to use that and see what results you get. What is the host name of the odd lookup reply (the one you don't recognize)? What environment is this, i.e. Windows/Linux? NT/2k/2k3? etc. How many servers doing what roles? Let's see some info here :)

As for testing, get hold of a packet sniffer and a port scanner and scan for traffic to that IP address (and/or hostnames) to see what kind of things are running on the 'rogue' machine. See if you can track it down or something, find out what OS it runs, etc. Also check to see if you have dynamic updates enabled or disabled on your DNS server. Also try doing tracert to the hostnames and IP addresses to try some more tracking.
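One way to compare repeated lookups against each DNS server, as suggested above. This is an added example, not part of either post: it parses saved nslookup output and reports which server returned which name for an IP. The host names, addresses and the `KNOWN_HOSTS` inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three captured runs of `nslookup 10.0.0.57` in the
# Windows output layout (blank lines trimmed). All names/addresses are made up.
CAPTURES = """\
Server:  dc1.corp.example
Address:  10.0.0.10
Name:    ws-042.corp.example
Address:  10.0.0.57
Server:  dc1.corp.example
Address:  10.0.0.10
Name:    oldbox.corp.example
Address:  10.0.0.57
Server:  dc2.corp.example
Address:  10.0.0.11
Name:    ws-042.corp.example
Address:  10.0.0.57
"""
KNOWN_HOSTS = {"ws-042.corp.example"}  # assumed inventory of expected names
FIELD = re.compile(r"^(Server|Name|Address):\s+(\S+)\s*$")

def parse_runs(text):
    """Yield (server, name, address) for each answer in the captured output."""
    server = name = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Server":
            server, name = value, None   # a new run starts here
        elif key == "Name":
            name = value.lower()
        elif name is not None:           # Address line that follows a Name line
            yield server, name, value
            name = None                  # the server's own Address line is skipped

def summarize(text, known=KNOWN_HOSTS):
    """Return ({ip: {name: [servers]}} for IPs with >1 name, names not in inventory)."""
    by_ip = defaultdict(lambda: defaultdict(set))
    for server, name, addr in parse_runs(text):
        by_ip[addr][name].add(server)
    conflicts = {ip: {n: sorted(s) for n, s in names.items()}
                 for ip, names in by_ip.items() if len(names) > 1}
    unknown = sorted({n for names in conflicts.values() for n in names} - set(known))
    return conflicts, unknown

if __name__ == "__main__":
    conflicts, unknown = summarize(CAPTURES)
    print("IPs with more than one name:", conflicts)
    print("Names not in inventory:", unknown)
```

To use it on real data, replace `CAPTURES` with the saved output of several nslookup runs, including runs pointed at each DNS server on the network.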
 