A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

What is the purpose of 127.0.0.1 as DNS server?



 
 
Thread Tools Display Modes
  #1  
Old May 31st 06, 01:21 AM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Mister C
external usenet poster
 
Posts: 4
Default What is the purpose of 127.0.0.1 as DNS server?

I am on XP and attach via cable.

In my network connection icon, I used to have the two DNS server address
es as xxx.yyy.4.100 and xxx.yyy.8.100.

Since then some application has set the first of those DNS entries to
127.0.0.1.

What is the prupose of this?

Should I change it back to the original value?

  #2  
Old May 31st 06, 05:47 AM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Barry Margolin
external usenet poster
 
Posts: 6
Default What is the purpose of 127.0.0.1 as DNS server?

In article ,
Rick Jones wrote:

In comp.protocols.tcp-ip Mister C wrote:
Since then some application has set the first of those DNS entries to
127.0.0.1.


What is the prupose of this?


Typically, when one sees "127.0.0.1" in the list of DNS servers it
suggests that one is running a local, caching-only name server.

Again typically, a local, caching-only name server is intended to
"speed-up" repeated, duplicate queries.

In the case of running a caching-only name server, this "speed-up" is
likely only in the sense of wall-clock time and may not be in the
sense of overall capacity as it likely the sum of the cycles to send
to the local name server and its cycles to lookup the RR is greater
than simply sending the queries to a set of remote nameservers.
Assuming of course one can generate sufficient parallelism and if one
ignores the load on the remote nameservers

Should I change it back to the original value?


Does the application which set the first to 127.0.0.1 also cause a
local name server to run and does said application make lots of DNS
queries?


I'll bet it's some kind of ad-blocker. A common way to perform this is
by intercepting DNS lookups for the advertiser site name.

--
Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
  #3  
Old May 31st 06, 10:31 AM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Mister C
external usenet poster
 
Posts: 4
Default What is the purpose of 127.0.0.1 as DNS server?

On 31 May 2006, Barry wrote:


In article ,
Rick Jones wrote:

In comp.protocols.tcp-ip Mister C wrote:
Since then some application has set the first of those DNS
entries to 127.0.0.1.


What is the prupose of this?


Typically, when one sees "127.0.0.1" in the list of DNS servers it
suggests that one is running a local, caching-only name server.

Again typically, a local, caching-only name server is intended to
"speed-up" repeated, duplicate queries.

In the case of running a caching-only name server, this "speed-up"
is likely only in the sense of wall-clock time and may not be in
the sense of overall capacity as it likely the sum of the cycles
to send to the local name server and its cycles to lookup the RR
is greater than simply sending the queries to a set of remote
nameservers. Assuming of course one can generate sufficient
parallelism and if one ignores the load on the remote nameservers


Should I change it back to the original value?


Does the application which set the first to 127.0.0.1 also cause a
local name server to run and does said application make lots of
DNS queries?


I'll bet it's some kind of ad-blocker. A common way to perform
this is by intercepting DNS lookups for the advertiser site name.



I used to run the DNS server, Treewalk. I took it out although it was a
bit messy to uninstall it. Maybe there are some remnants I should
remove by hand?

I also run Avast antivirus and Sygate firewall.
I get the following output on a netstat.
Seems like a lot of strange stuff there.
Are those 0.0.0.0 entries a possible source of worry?
Is the 127.0.0.1 as expected?

-----------------

C:\Documents and Settings\MisterCnetstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:7 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9 0.0.0.0:0 LISTENING
TCP 0.0.0.0:13 0.0.0.0:0 LISTENING
TCP 0.0.0.0:17 0.0.0.0:0 LISTENING
TCP 0.0.0.0:19 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
UDP 0.0.0.0:7 *:*
UDP 0.0.0.0:9 *:*
UDP 0.0.0.0:13 *:*
UDP 0.0.0.0:17 *:*
UDP 0.0.0.0:19 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1028 *:*
UDP 0.0.0.0:1602 *:*
UDP 0.0.0.0:1604 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:1027 *:*

------------ END
  #4  
Old May 31st 06, 12:52 PM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Jim Howes
external usenet poster
 
Posts: 104
Default What is the purpose of 127.0.0.1 as DNS server?

Mister C wrote:
I also run Avast antivirus and Sygate firewall.
I get the following output on a netstat.
Seems like a lot of strange stuff there.
Are those 0.0.0.0 entries a possible source of worry?


No. It just means that the system is willing to accept connections to those
ports from anywhere. (Note that UDP ports do not 'listen', because UDP is a
connectionless protocol)

Port 7 is echo; anything sent to the port is sent straight back. Not usually open.
Port 9 is discard; anything sent to port 9 is dropped, used mainly for
debugging network services, or as a firewall port redirection target to keep the
hackers busy talking to a wall. Not usually open.
Port 13 is daytime; Connecting to the port should return an ascii date and
time. Usually opened by NTP servers.
Port 17 is qotd (Quote of the day). Seems unusual to be listening on that.
Port 19 is chargen. Connecting to that port generates heaps of ascii data, used
mainly for debugging network services
Port 445 is microsoft-ds; This is related to file and printer sharing.
Port 500 is isakmp (Internet Key Exchange (UDP only)). Usually opened by
LSASS.EXE (Presumably this is normal)
The remaining high numbered ports are likely to be ports created by some
application or other and could be incoming or outgoing connections.

Is the 127.0.0.1 as expected?


If you have 127.0.0.1 in your DNS server settings, it is probably something like
explorer trying to resolve a name. As there is nothing listening on port 53
there is nothing on the end of that port.

http://www.sysinternals.com/Utilities/TcpView.html is a tool that will identify
(on NT/2K/XP) the process associated with a port.

Quite why you have ports 7,9,13,17,19 open, I don't know. These are usually
associated with various BSD-derived versions of inetd, which does not typically
run on a windows system. What process has them open (follow the link above)

It is possible that these ports have been opened by your security software as a
decoy or trap of some kind. What does TcpView show?
  #5  
Old May 31st 06, 03:55 PM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Geoff
external usenet poster
 
Posts: 18
Default What is the purpose of 127.0.0.1 as DNS server?


"Mister C" wrote in message
...
I am on XP and attach via cable.

In my network connection icon, I used to have the two DNS server address
es as xxx.yyy.4.100 and xxx.yyy.8.100.

Since then some application has set the first of those DNS entries to
127.0.0.1.

What is the prupose of this?

Should I change it back to the original value?


just set it to auto ?
unless your provider is crap, it should be fine


  #6  
Old May 31st 06, 08:30 PM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Stu C
external usenet poster
 
Posts: 5
Default What is the purpose of 127.0.0.1 as DNS server?


"Mister C" wrote in message
...
I am on XP and attach via cable.

In my network connection icon, I used to have the two DNS server address
es as xxx.yyy.4.100 and xxx.yyy.8.100.

Since then some application has set the first of those DNS entries to
127.0.0.1.

What is the prupose of this?

Should I change it back to the original value?


127.0.0.1 refers to your local machine AKA Localhost, sometimes due
antivirus scanners, mailwasher, Internet server type applications....


  #7  
Old June 1st 06, 02:24 AM posted to comp.protocols.tcp-ip,uk.telecom.broadband
Zak
external usenet poster
 
Posts: 5
Default What is the purpose of 127.0.0.1 as DNS server?

On 31 May 2006, Jim
wrote:

If you have 127.0.0.1 in your DNS server settings, it is probably
something like explorer trying to resolve a name. As there is
nothing listening on port 53 there is nothing on the end of that
port.

http://www.sysinternals.com/Utilities/TcpView.html is a tool that
will identify (on NT/2K/XP) the process associated with a port.

Quite why you have ports 7,9,13,17,19 open, I don't know. These
are usually associated with various BSD-derived versions of inetd,
which does not typically run on a windows system. What process has
them open (follow the link above)

It is possible that these ports have been opened by your security
software as a decoy or trap of some kind. What does TcpView show?


Thank you for a very useful commentary on the ports I showed in my
posting.

TcpView shows that C:\WINDOWS\System32\tcpsvcs.exe is assigned to these
ports. It has a UDP and a TCP line for each of the ports 7,9,13,17,19.

BTW I notice I have got Network Monitor Driver in my broadband
connectoid icon in the "Network" folder. I don't know if this is
relevant.

I found this with Google
http://www.wilderssecurity.com/showthread.php?t=116568

http://process.networktechs.com/tcpsvcs.exe.php says
"tcpsvcs.exe is an essential service for Windows systems using the
TCP/IP protocol"

But the posts at this place found that it can burn cpu on bootup and I
found this too although it seemed to stop a fert a feww reboots.
http://www.neuber.com/taskmanager/pr...psvcs.exe.html
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
BT problems - is it because they screw you up on purpose after a d/l limit? [email protected] uk.telecom.broadband (UK broadband) 4 October 18th 05 12:19 PM
WG311T wireless card is showing c.root-server.net and other root-server.net in netstat. Robert uk.comp.home-networking (UK home networking) 1 May 6th 05 10:13 PM
looking for isp (uk) with large capacity server-side multiple pop3 and good newsgroup server StarBuck uk.telecom.broadband (UK broadband) 0 April 4th 04 06:34 AM
looking for isp (uk) with large capacity server-side multiple pop3 and good newsgroup server Ian uk.telecom.broadband (UK broadband) 0 April 2nd 04 01:27 PM
NAT vs non-NAT for web server? Martin Cooper uk.telecom.broadband (UK broadband) 0 August 4th 03 08:42 PM


All times are GMT +1. The time now is 08:41 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.