What is the purpose of 127.0.0.1 as DNS server?

Discussion in 'Broadband' started by Mister C, May 31, 2006.

  1. Mister C

    Mister C Guest

    I am on XP and attach via cable.

    In my network connection icon, I used to have the two DNS server address
    es as xxx.yyy.4.100 and xxx.yyy.8.100.

    Since then some application has set the first of those DNS entries to
    127.0.0.1.

    What is the prupose of this?

    Should I change it back to the original value?
     
    Mister C, May 31, 2006
    #1
    1. Advertisements

  2. Mister C

    Rick Jones Guest

    Typically, when one sees "127.0.0.1" in the list of DNS servers it
    suggests that one is running a local, caching-only name server.

    Again typically, a local, caching-only name server is intended to
    "speed-up" repeated, duplicate queries.

    In the case of running a caching-only name server, this "speed-up" is
    likely only in the sense of wall-clock time and may not be in the
    sense of overall capacity as it likely the sum of the cycles to send
    to the local name server and its cycles to lookup the RR is greater
    than simply sending the queries to a set of remote nameservers.
    Assuming of course one can generate sufficient parallelism and if one
    ignores the load on the remote nameservers :)
    Does the application which set the first to 127.0.0.1 also cause a
    local name server to run and does said application make lots of DNS
    queries?

    rick jones
     
    Rick Jones, May 31, 2006
    #2
    1. Advertisements

  3. I'll bet it's some kind of ad-blocker. A common way to perform this is
    by intercepting DNS lookups for the advertiser site name.
     
    Barry Margolin, May 31, 2006
    #3
  4. Mister C

    Mister C Guest


    I used to run the DNS server, Treewalk. I took it out although it was a
    bit messy to uninstall it. Maybe there are some remnants I should
    remove by hand?

    I also run Avast antivirus and Sygate firewall.
    I get the following output on a netstat.
    Seems like a lot of strange stuff there.
    Are those 0.0.0.0 entries a possible source of worry?
    Is the 127.0.0.1 as expected?

    -----------------

    C:\Documents and Settings\MisterC>netstat -an
    Active Connections
    Proto Local Address Foreign Address State
    TCP 0.0.0.0:7 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:9 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:13 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:17 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:19 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    UDP 0.0.0.0:7 *:*
    UDP 0.0.0.0:9 *:*
    UDP 0.0.0.0:13 *:*
    UDP 0.0.0.0:17 *:*
    UDP 0.0.0.0:19 *:*
    UDP 0.0.0.0:445 *:*
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1025 *:*
    UDP 0.0.0.0:1026 *:*
    UDP 0.0.0.0:1028 *:*
    UDP 0.0.0.0:1602 *:*
    UDP 0.0.0.0:1604 *:*
    UDP 0.0.0.0:4500 *:*
    UDP 127.0.0.1:1027 *:*

    ------------ END
     
    Mister C, May 31, 2006
    #4
  5. Mister C

    Jim Howes Guest

    No. It just means that the system is willing to accept connections to those
    ports from anywhere. (Note that UDP ports do not 'listen', because UDP is a
    connectionless protocol)

    Port 7 is echo; anything sent to the port is sent straight back. Not usually open.
    Port 9 is discard; anything sent to port 9 is dropped, used mainly for
    debugging network services, or as a firewall port redirection target to keep the
    hackers busy talking to a wall. Not usually open.
    Port 13 is daytime; Connecting to the port should return an ascii date and
    time. Usually opened by NTP servers.
    Port 17 is qotd (Quote of the day). Seems unusual to be listening on that.
    Port 19 is chargen. Connecting to that port generates heaps of ascii data, used
    mainly for debugging network services
    Port 445 is microsoft-ds; This is related to file and printer sharing.
    Port 500 is isakmp (Internet Key Exchange (UDP only)). Usually opened by
    LSASS.EXE (Presumably this is normal)
    The remaining high numbered ports are likely to be ports created by some
    application or other and could be incoming or outgoing connections.
    If you have 127.0.0.1 in your DNS server settings, it is probably something like
    explorer trying to resolve a name. As there is nothing listening on port 53
    there is nothing on the end of that port.

    http://www.sysinternals.com/Utilities/TcpView.html is a tool that will identify
    (on NT/2K/XP) the process associated with a port.

    Quite why you have ports 7,9,13,17,19 open, I don't know. These are usually
    associated with various BSD-derived versions of inetd, which does not typically
    run on a windows system. What process has them open (follow the link above)

    It is possible that these ports have been opened by your security software as a
    decoy or trap of some kind. What does TcpView show?
     
    Jim Howes, May 31, 2006
    #5
  6. Mister C

    Geoff Guest

    just set it to auto ?
    unless your provider is crap, it should be fine
     
    Geoff, May 31, 2006
    #6
  7. Mister C

    Stu C Guest

    127.0.0.1 refers to your local machine AKA Localhost, sometimes due
    antivirus scanners, mailwasher, Internet server type applications....
     
    Stu C, May 31, 2006
    #7
  8. Mister C

    Zak Guest

    Thank you for a very useful commentary on the ports I showed in my
    posting.

    TcpView shows that C:\WINDOWS\System32\tcpsvcs.exe is assigned to these
    ports. It has a UDP and a TCP line for each of the ports 7,9,13,17,19.

    BTW I notice I have got Network Monitor Driver in my broadband
    connectoid icon in the "Network" folder. I don't know if this is
    relevant.

    I found this with Google
    http://www.wilderssecurity.com/showthread.php?t=116568

    http://process.networktechs.com/tcpsvcs.exe.php says
    "tcpsvcs.exe is an essential service for Windows systems using the
    TCP/IP protocol"

    But the posts at this place found that it can burn cpu on bootup and I
    found this too although it seemed to stop a fert a feww reboots.
    http://www.neuber.com/taskmanager/process/tcpsvcs.exe.html
     
    Zak, Jun 1, 2006
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.