Persistant Win2k DNS problem.

I don't really know how to explain this.

A group of guys I play MW4 with run a new-player resource site, www.teambanzai.net. Sometime late last week or over the weekend, something royally fucked up and has been trying to resolve www.teambanzai.net to 206.77.87.70. We run our own DNS servers, the primary on one of our game servers (216.77.87.82) and the secondary on the same box hosting the website (216.77.87.70). You'll note that the wrong IP and the correct IP for the website differ only in the first octet, and only by one number. Attempts to ping or tracert 206.77.87.70 result in nothing.

I have (repeatedly) verified that our registrar, AIT Domains, has the proper IP entries for our nameservers. I have checked our DNS servers to be sure that they both list the www machine as the proper IP address. I'm at a loss. I'm too unfamiliar with DNS specifically and the actual software mechanics of running a website in general to know how to even begin troubleshooting this.

All machines are running Windows2000 server without Active Directory.

The only additional piece of information that may or may not be pertinent is that this mess started when we had a player leave in a bit of a hissy. He had been hosting our NS2 DNS server as well as an Exchange server, and took them both offline overnight with no warning. He knows a shitload more about this kind of stuff than I do, so my immediate guess was that he'd deliberately tampered with something, but I've found no evidence of that. All usernames and passwords have been changed, and none of the entries on our machines have ever been erroneous.

Someone help, please?

Things you should check:

Your primary dns server for your network:
-on the interface connected to the net, the dns server should be itself, along with the internal interface (127.0.0.1 or it's actual IP address)
-your win2k dns server should be configured to host your zone only, if you have a root zone (shown by a .) then get rid of it.
-your dns server should be configured to use forwarders, pointing to your ISP dns servers.
-if you have secondary dns servers, they should point to the primary dns (the one we just discussed) first as preferred, then round robin them to each other as alternates.
-when reconfigured, stop your dns service (net stop dns), ipconfig /flushdns on all your boxes to get rid of cached info, then restart dns (primary first - net start dns)
check in your zones for any non relevent records that may be redirecting you (cnames, aliases etc)
-if you allow zone transfers, only allow it to the servers on your name servers tab (your internal replication partners)

Then perform a nsslookup, change to your primary dns server if necessary, and do a lookup for the site in question.
Attempts to ping or tracert 206.77.87.70 result in nothing. If this is true, you more than likely have an IP or routing issue in addition to any dns issues.

Originally posted by FUBAR|Ascain
-your dns server should be configured to use forwarders, pointing to your ISP dns servers.
-when reconfigured, stop your dns service (net stop dns), ipconfig /flushdns on all your boxes to get rid of cached info, then restart dns (primary first - net start dns)
check in your zones for any non relevent records that may be redirecting you (cnames, aliases etc)

I think that solved the problem. Too early yet to be sure, but it looks a damn sight more promising than it has all week. Many, many thanks.

[QUOTE]Originally posted by FUBAR|Ascain
Then perform a nsslookup, change to your primary dns server if necessary, and do a lookup for the site in question./QUOTE]
Where can a read a good explanation of nslookup; what's actually happenning when you use it, etc etc? My experience with DNS and its tools is strictly limited, and I know this is one of the more important/useful ones, but that's about all I know.

http://support.microsoft.com/default.aspx?scid=KB;en-us;q200525 will give you all the info you could want.

Thanks some more.