@tlyneyor Glad I could help. I’ve seen duplicates a lot, so I’m really familiar and very weary of them.
An easy way to detect rogue DHCP services is to do a packet capture on a linux box while issuing the commands to release the current lease and get a new one:
dhclient -r; dhclient. In the packet capture, you would see the rogue DHCP server’s address and MAC address.
Also, there is a way on Linux to check a specific IP address to see if there are duplicates: arping -D -q -I eth0 -c 2 192.168.1.250 ; echo $? If you get a 0 back from that command, it means there are no duplicates. 1 or anything else that isn’t 0 means there are duplicates. Note that eth0 in the command is the name of the interface you are using to send the request out of and 192.168.1.250 is the IP being tested. This does not need to be run on the affected computer, and probably should be executed on a normal-functioning system.