Server changing DNS settings spontaneously?
By the gods, I've had a fun morning. Had someone from the police hi-tech crime unit in to get data on one of our students for an investigation (don't ask, I don't know), so of course, this being a day when i'm relying on everything working, Exchange was completely buggered up this morning when I came in - bleating about not being able to find a domain controller, even though all 3 were up and fine.
Lots of panicky investigation turned up that the DNS on the NIC had reset to 126.96.36.199 // 188.8.131.52, hence it being unable to find anything on the domain. Switching that back to the correct values corrected the errors and got everything running again.
However: wtf? How can a NIC spontaneously change its DNS settings? It's got me real scared now, because as far as I can tell, that shouldn't just happen. It seemed to switch about 18:50 last night, when there were a couple of webmail users on (me and one of the reception staff) and nothing else. Win2003R2 x64, Exchange 2007, on a three year old HP ProLiant of some description - the NIC is a HP NC373i Multifunction GbE Adapter, anyway.
Anyone got any clues? I hate to be paranoid, but hacking is not a million miles away from my mind right now, even though the logs show nothing other than
Originally Posted by Server