Multiple reverse DNS record internal DNS

A user was having trouble connecting to the internet, some sites worked some sites did not.

I do not think it has anything to do with networking gear, but just in case.

2 firewall, Palo-Alto

4 Cisco Nexus 55XXT Switch

We did not make any network changes since last week about 10 days ago and everything ran fine.

The only thing I can see that stands out is if I ping one of the machines in question is it will resolve to a different IP than what the machine Actually has

We are getting multiple network alarms about IP conflicts 2 per hour for the last day.

This was only affecting 2 users

From one of the PC having the issue:

C:\>ipconfig | find "IPv4"
   IPv4 Address. . . . . . . . . . . : 12.43.168.248

C:\>hostname
    hostname-18

Ping from different machine.

C:\>ping hostname-18
Pinging hostname-18.domain.com [12.43.168.105] with 32 bytes

Nslookup from different machine.

C:\>nslookup 12.43.168.105
Server:  ad-server.domain.com
Address:  12.43.168.83

Name:    hostname-18.domain.com
Address:  12.43.168.105


C:\>nslookup 12.43.168.248
Server:  ad-server.domain.com
Address:  12.43.168.83

Name:    hostname-18.domain.com
Address:  12.43.168.248

C:\>nslookup hostname-18
Server:  ad-server.domain.com
Address:  12.43.168.83

Name:    hostname-18.domain.com
Address:  12.43.168.105

We found out there were two reverse DNS entries hostname-18.

How or why would this happen? What could cause this?


We see from your output that IP address was changed from 12.43.168.248 to 12.43.168.105. This is not a big problem if you use DHCP. But this is very uncommon behavior if you use DHCP on Windows Server - it keeps leasing info by default, so you have a big chance that your DHCP pool is over.


I think most likely a DHCP issue. Possibly you have multiple servers/devices with DHCP role leasing IP's with same network range (Maybe a Router has DHCP role as well as Windows Server), your servers/printers don't have static IP or reservation or your DHCP server leases IP addresses for too short a time. Does the event log on DHCP server have any entries that stand out as possible cause?