Bad DNS record getting into DNS Client Cache

Hello,

my question
Is there a way to check or record from where the Windows XP pro workstation is getting the wrong IP address and placing it into its DNS cache?

Scenario
We are connected to a multiple forest/domain network. All of our user workstations run Windows XP using DHCP and DNS Client. There are two databases our users access that are not on our domain. Through DHCP we append these DNS suffixes:
OurCompany.net
OurCompany.com
Company_A.com
Company_B.net
Company_B.com

About 100 of our users must access a database multiple times a day on Company_A.com network.
Company_A is not on a trusted domain. Via group policies we map a V. to \\databaseserver1.Company_A.com\DatabaseRecord
We also have OBDC setup to access the database above.

Our users are accessing records and images of documents on the database above. Most of the time there is no problem accessing the images. About 5 times a week we get a call from one of our users where they no longer can access the images on this server. The user have already looked at 3 document images in the last 2 minutes and when they go to look at image 4 nothing happens.
We have discovered if we flush the DNS cache the user can start accessing the images on this database.
For example purposes the correct IP address for the server above would be 172.16.99.100 but when the workstation starts having the problem and we ping databaseserver1 it is sending the ping request from 198.140.240.14 .
Is there a way to check or record from where the Windows XP pro workstation is getting the wrong IP address and placing it into its DNS cache?

Thanks for your assistance,
Greg

The tool best used in Windows would be "nslookup" on the command line. It can be used to simulate queries to the name servers. You can find the name servers the PC is using by the "ipconfig /all" command.

The Windows resolver will only query the name servers listed in the ipconfig section. If none are listed, queries are broadcasted, so that can cause some confusion if DHCP was not set up properly and missing DNS data. That can also cause conflicting or inconsistent answers. Now if a program is set to query a specific server, that will bypass what Windows has for DNS servers altogether.

If you really want to see queries and responses at the network level you should use a packet capture/analysis tool like wireshark.

This will show you exactly what is being queried for and where the response is coming from. Wireshark is a very good protocol decoder and should display your DNS packets in a meaningful way.