What is the purpose of 127.0.0.1 as DNS server? - TCP-IP

This is a discussion on What is the purpose of 127.0.0.1 as DNS server? - TCP-IP ; I am on XP and attach via cable. In my network connection icon, I used to have the two DNS server address es as xxx.yyy.4.100 and xxx.yyy.8.100. Since then some application has set the first of those DNS entries to ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: What is the purpose of 127.0.0.1 as DNS server?

  1. What is the purpose of 127.0.0.1 as DNS server?

    I am on XP and attach via cable.

    In my network connection icon, I used to have the two DNS server address
    es as xxx.yyy.4.100 and xxx.yyy.8.100.

    Since then some application has set the first of those DNS entries to
    127.0.0.1.

    What is the prupose of this?

    Should I change it back to the original value?


  2. Re: What is the purpose of 127.0.0.1 as DNS server?

    In comp.protocols.tcp-ip Mister C wrote:
    > Since then some application has set the first of those DNS entries to
    > 127.0.0.1.


    > What is the prupose of this?


    Typically, when one sees "127.0.0.1" in the list of DNS servers it
    suggests that one is running a local, caching-only name server.

    Again typically, a local, caching-only name server is intended to
    "speed-up" repeated, duplicate queries.

    In the case of running a caching-only name server, this "speed-up" is
    likely only in the sense of wall-clock time and may not be in the
    sense of overall capacity as it likely the sum of the cycles to send
    to the local name server and its cycles to lookup the RR is greater
    than simply sending the queries to a set of remote nameservers.
    Assuming of course one can generate sufficient parallelism and if one
    ignores the load on the remote nameservers

    > Should I change it back to the original value?


    Does the application which set the first to 127.0.0.1 also cause a
    local name server to run and does said application make lots of DNS
    queries?

    rick jones
    --
    oxymoron n, Hummer H2 with California Save Our Coasts and Oceans plates
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  3. Re: What is the purpose of 127.0.0.1 as DNS server?

    In article ,
    Rick Jones wrote:

    > In comp.protocols.tcp-ip Mister C wrote:
    > > Since then some application has set the first of those DNS entries to
    > > 127.0.0.1.

    >
    > > What is the prupose of this?

    >
    > Typically, when one sees "127.0.0.1" in the list of DNS servers it
    > suggests that one is running a local, caching-only name server.
    >
    > Again typically, a local, caching-only name server is intended to
    > "speed-up" repeated, duplicate queries.
    >
    > In the case of running a caching-only name server, this "speed-up" is
    > likely only in the sense of wall-clock time and may not be in the
    > sense of overall capacity as it likely the sum of the cycles to send
    > to the local name server and its cycles to lookup the RR is greater
    > than simply sending the queries to a set of remote nameservers.
    > Assuming of course one can generate sufficient parallelism and if one
    > ignores the load on the remote nameservers
    >
    > > Should I change it back to the original value?

    >
    > Does the application which set the first to 127.0.0.1 also cause a
    > local name server to run and does said application make lots of DNS
    > queries?


    I'll bet it's some kind of ad-blocker. A common way to perform this is
    by intercepting DNS lookups for the advertiser site name.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***

  4. Re: What is the purpose of 127.0.0.1 as DNS server?

    On 31 May 2006, Barry Margolin wrote:

    >
    > In article ,
    > Rick Jones wrote:
    >
    >> In comp.protocols.tcp-ip Mister C wrote:
    >> > Since then some application has set the first of those DNS
    >> > entries to 127.0.0.1.

    >>
    >> > What is the prupose of this?

    >>
    >> Typically, when one sees "127.0.0.1" in the list of DNS servers it
    >> suggests that one is running a local, caching-only name server.
    >>
    >> Again typically, a local, caching-only name server is intended to
    >> "speed-up" repeated, duplicate queries.
    >>
    >> In the case of running a caching-only name server, this "speed-up"
    >> is likely only in the sense of wall-clock time and may not be in
    >> the sense of overall capacity as it likely the sum of the cycles
    >> to send to the local name server and its cycles to lookup the RR
    >> is greater than simply sending the queries to a set of remote
    >> nameservers. Assuming of course one can generate sufficient
    >> parallelism and if one ignores the load on the remote nameservers
    >>
    >>
    >> > Should I change it back to the original value?

    >>
    >> Does the application which set the first to 127.0.0.1 also cause a
    >> local name server to run and does said application make lots of
    >> DNS queries?

    >
    > I'll bet it's some kind of ad-blocker. A common way to perform
    > this is by intercepting DNS lookups for the advertiser site name.



    I used to run the DNS server, Treewalk. I took it out although it was a
    bit messy to uninstall it. Maybe there are some remnants I should
    remove by hand?

    I also run Avast antivirus and Sygate firewall.
    I get the following output on a netstat.
    Seems like a lot of strange stuff there.
    Are those 0.0.0.0 entries a possible source of worry?
    Is the 127.0.0.1 as expected?

    -----------------

    C:\Documents and Settings\MisterC>netstat -an
    Active Connections
    Proto Local Address Foreign Address State
    TCP 0.0.0.0:7 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:9 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:13 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:17 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:19 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:7 *:*
    UDP 0.0.0.0:9 *:*
    UDP 0.0.0.0:13 *:*
    UDP 0.0.0.0:17 *:*
    UDP 0.0.0.0:19 *:*
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1025 *:*
    UDP 0.0.0.0:1026 *:*
    UDP 0.0.0.0:1028 *:*
    UDP 0.0.0.0:1602 *:*
    UDP 0.0.0.0:1604 *:*
    UDP 0.0.0.0:4500 *:*
    UDP 127.0.0.1:1027 *:*

    ------------ END

  5. Re: What is the purpose of 127.0.0.1 as DNS server?

    Mister C wrote:
    > I also run Avast antivirus and Sygate firewall.
    > I get the following output on a netstat.
    > Seems like a lot of strange stuff there.
    > Are those 0.0.0.0 entries a possible source of worry?


    No. It just means that the system is willing to accept connections to those
    ports from anywhere. (Note that UDP ports do not 'listen', because UDP is a
    connectionless protocol)

    Port 7 is echo; anything sent to the port is sent straight back. Not usually open.
    Port 9 is discard; anything sent to port 9 is dropped, used mainly for
    debugging network services, or as a firewall port redirection target to keep the
    hackers busy talking to a wall. Not usually open.
    Port 13 is daytime; Connecting to the port should return an ascii date and
    time. Usually opened by NTP servers.
    Port 17 is qotd (Quote of the day). Seems unusual to be listening on that.
    Port 19 is chargen. Connecting to that port generates heaps of ascii data, used
    mainly for debugging network services
    Port 445 is microsoft-ds; This is related to file and printer sharing.
    Port 500 is isakmp (Internet Key Exchange (UDP only)). Usually opened by
    LSASS.EXE (Presumably this is normal)
    The remaining high numbered ports are likely to be ports created by some
    application or other and could be incoming or outgoing connections.

    > Is the 127.0.0.1 as expected?


    If you have 127.0.0.1 in your DNS server settings, it is probably something like
    explorer trying to resolve a name. As there is nothing listening on port 53
    there is nothing on the end of that port.

    http://www.sysinternals.com/Utilities/TcpView.html is a tool that will identify
    (on NT/2K/XP) the process associated with a port.

    Quite why you have ports 7,9,13,17,19 open, I don't know. These are usually
    associated with various BSD-derived versions of inetd, which does not typically
    run on a windows system. What process has them open (follow the link above)

    It is possible that these ports have been opened by your security software as a
    decoy or trap of some kind. What does TcpView show?

  6. Re: What is the purpose of 127.0.0.1 as DNS server?


    "Mister C" wrote in message
    news:Xns97D43AA317A501A4D@127.0.0.1...
    >I am on XP and attach via cable.
    >
    > In my network connection icon, I used to have the two DNS server address
    > es as xxx.yyy.4.100 and xxx.yyy.8.100.
    >
    > Since then some application has set the first of those DNS entries to
    > 127.0.0.1.
    >
    > What is the prupose of this?
    >
    > Should I change it back to the original value?
    >


    just set it to auto ?
    unless your provider is crap, it should be fine



  7. Re: What is the purpose of 127.0.0.1 as DNS server?


    "Mister C" wrote in message
    news:Xns97D43AA317A501A4D@127.0.0.1...
    >I am on XP and attach via cable.
    >
    > In my network connection icon, I used to have the two DNS server address
    > es as xxx.yyy.4.100 and xxx.yyy.8.100.
    >
    > Since then some application has set the first of those DNS entries to
    > 127.0.0.1.
    >
    > What is the prupose of this?
    >
    > Should I change it back to the original value?
    >


    127.0.0.1 refers to your local machine AKA Localhost, sometimes due
    antivirus scanners, mailwasher, Internet server type applications....



  8. Re: What is the purpose of 127.0.0.1 as DNS server?

    On 31 May 2006, Jim Howes
    wrote:

    > If you have 127.0.0.1 in your DNS server settings, it is probably
    > something like explorer trying to resolve a name. As there is
    > nothing listening on port 53 there is nothing on the end of that
    > port.
    >
    > http://www.sysinternals.com/Utilities/TcpView.html is a tool that
    > will identify (on NT/2K/XP) the process associated with a port.
    >
    > Quite why you have ports 7,9,13,17,19 open, I don't know. These
    > are usually associated with various BSD-derived versions of inetd,
    > which does not typically run on a windows system. What process has
    > them open (follow the link above)
    >
    > It is possible that these ports have been opened by your security
    > software as a decoy or trap of some kind. What does TcpView show?


    Thank you for a very useful commentary on the ports I showed in my
    posting.

    TcpView shows that C:\WINDOWS\System32\tcpsvcs.exe is assigned to these
    ports. It has a UDP and a TCP line for each of the ports 7,9,13,17,19.

    BTW I notice I have got Network Monitor Driver in my broadband
    connectoid icon in the "Network" folder. I don't know if this is
    relevant.

    I found this with Google
    http://www.wilderssecurity.com/showthread.php?t=116568

    http://process.networktechs.com/tcpsvcs.exe.php says
    "tcpsvcs.exe is an essential service for Windows systems using the
    TCP/IP protocol"

    But the posts at this place found that it can burn cpu on bootup and I
    found this too although it seemed to stop a fert a feww reboots.
    http://www.neuber.com/taskmanager/pr...psvcs.exe.html

+ Reply to Thread