DNS and DHCP Health Check

A diagnostic DNS and DHCP triage flow that captures evidence, follows decision branches, and explains what each result means before changing anything.

Good For

  • Windows DNS issues
  • small-office DHCP
  • VPN name resolution
  • mystery connectivity failures

How to Use It

  1. Capture the client's IP address, subnet, gateway, DNS servers, interface alias, and connection profile before changing anything.
  2. If the client has no gateway or the gateway is unreachable, treat this as a local network, VLAN, Wi-Fi, VPN, or DHCP path issue before blaming DNS.
  3. Resolve the target through the client's default DNS path and again through the expected internal DNS server.
  4. If default DNS fails but direct internal DNS works, check VPN DNS assignment, interface priority, split DNS, or public DNS leakage.
  5. If the two lookups return different answers, compare stale records, duplicate A records, load balancer records, and conditional forwarders.
  6. If DNS succeeds but the application still fails, move to port testing or service-specific troubleshooting instead of flushing caches.
  7. Compare DHCP lease details against the expected scope, reservation, VLAN, or VPN pool.
  8. Flush DNS only after recording the failing answer so you can prove what changed and avoid destroying evidence.

Execution Modes

  • local

Inputs and Outputs

Inputs

  • target hostname
  • known-good client
  • expected DNS servers
  • expected DHCP scope

Outputs

  • verbose-console
  • operator-notes

Command Starter

Safe to run: read-only

# Read-only evidence capture: nothing below changes client state.
$Target = "server01.contoso.com"
$ExpectedDnsServer = "10.10.10.10"
$client = Get-NetIPConfiguration
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4
$defaultLookup = Resolve-DnsName $Target -ErrorAction SilentlyContinue
$directLookup = Resolve-DnsName $Target -Server $ExpectedDnsServer -ErrorAction SilentlyContinue
# Get-NetIPConfiguration returns one object per interface and some have no gateway; test the first gateway found, if any.
$gateway = $client.IPv4DefaultGateway.NextHop | Select-Object -First 1
$gatewayReachable = if ($gateway) { Test-Connection $gateway -Count 2 -Quiet } else { $false }
[pscustomobject]@{ Target = $Target; ClientIPv4 = ($client.IPv4Address.IPAddress -join ', '); Gateway = $gateway; GatewayReachable = $gatewayReachable; ClientDnsServers = ($dnsServers.ServerAddresses -join ', '); DefaultLookup = ($defaultLookup.IPAddress -join ', '); ExpectedDnsLookup = ($directLookup.IPAddress -join ', ') }
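
For step 7, the starter above collects no lease data. The following is an added example, not part of the original runbook: it reads lease details read-only from the Win32_NetworkAdapterConfiguration CIM class and checks each IPv4 address against the expected scope. `$ExpectedScope` and the helper `Test-IPv4InCidr` are hypothetical names, and the scope value is a constructed sample.

```powershell
# Added example (read-only): compare each adapter's DHCP lease with the expected scope.
# $ExpectedScope is a constructed sample value; replace it with the real scope.
$ExpectedScope = "10.10.20.0/24"

# Hypothetical helper: returns $true when an IPv4 address falls inside a CIDR block.
function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $prefix = [int]$prefix
    # Convert dotted-quad text to a 32-bit value held in a [long] to avoid sign issues.
    $toNumber = {
        param($ip)
        $b = ([System.Net.IPAddress]::Parse($ip)).GetAddressBytes()
        ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
    }
    # Mask with the top $prefix bits set: 2^32 - 2^(32 - prefix); /0 yields 0.
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $prefix))
    ((& $toNumber $Address) -band $mask) -eq ((& $toNumber $network) -band $mask)
}

# One row per IP-enabled adapter: lease source, timing, and scope verdict.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    ForEach-Object {
        $nic  = $_
        $ipv4 = $nic.IPAddress |
            Where-Object { $_ -match '^\d+(\.\d+){3}$' } |
            Select-Object -First 1
        [pscustomobject]@{
            Adapter         = $nic.Description
            DhcpEnabled     = $nic.DHCPEnabled
            DhcpServer      = $nic.DHCPServer
            IPv4            = $ipv4
            LeaseObtained   = $nic.DHCPLeaseObtained
            LeaseExpires    = $nic.DHCPLeaseExpires
            # 169.254.0.0/16 is a self-assigned address: no DHCP server answered.
            SelfAssigned    = if ($ipv4) { Test-IPv4InCidr $ipv4 "169.254.0.0/16" } else { $false }
            InExpectedScope = if ($ipv4) { Test-IPv4InCidr $ipv4 $ExpectedScope } else { $false }
        }
    }
```

Run it on the failing client and on the known-good client, and record both outputs with the summary object before renewing any lease.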

Validation

  • The client resolves the expected host to the expected address.
  • The client can renew a lease from the expected DHCP scope.
  • The direct DNS-server lookup and default client lookup agree, or the difference is documented.
  • The failing app or service reaches the target without using a hard-coded IP workaround.

Reporting

  • copy the summary object into ticket notes
  • attach lease and DNS observations when escalation is needed
  • promote repeated use into a CSV/HTML DNS triage report pack if multiple hosts or sites are involved

Safety Notes

  • Capture failing answers before flushing caches.
  • Do not change DHCP reservations or DNS records during the evidence pass.