What is purpose of 127.0.0.1 as DNS server?

[Mister C]

I am on XP and attach via cable.

In my network connection icon, I used to have the two DNS server address
es as xxx.yyy.4.100 and xxx.yyy.8.100.

Since then some application has set the first of those DNS entries to
127.0.0.1.

What is the prupose of this?

Should I change it back to the original value?

 

[Chuck]

I am on XP and attach via cable.

In my network connection icon, I used to have the two DNS server address
es as xxx.yyy.4.100 and xxx.yyy.8.100.

Since then some application has set the first of those DNS entries to
127.0.0.1.

What is the prupose of this?

Should I change it back to the original value?

This is using the internal loopback address to access the DNS server. It lets
the programs running on the server access the DNS server, using the same
interface (an IP call) as programs running on a client computer.

 

[q_q_anonymous]

are you running a dns server?

do netstat -an , do you get ":53" listed? like 0.0.0.0:53 or
127.0.0.1:53 or 192.168.0.2:53
?

 

[Mister C]

are you running a dns server?

do netstat -an , do you get ":53" listed? like 0.0.0.0:53 or
127.0.0.1:53 or 192.168.0.2:53

I used to run the DNS server, Treewalk. I took it out although it was a
bit messy to uninstall it. Maybe there are some remnants I should
remove by hand?

Now I get the following output on a netstat.
Seems like a lot of stuff there.
Are those 0.0.0.0 entries a possible source of worry?
Maybe my Avast antivirus is causing a lot of it?


-----------------

C:\Documents and Settings\MisterC>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:7 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9 0.0.0.0:0 LISTENING
TCP 0.0.0.0:13 0.0.0.0:0 LISTENING
TCP 0.0.0.0:17 0.0.0.0:0 LISTENING
TCP 0.0.0.0:19 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
UDP 0.0.0.0:7 *:*
UDP 0.0.0.0:9 *:*
UDP 0.0.0.0:13 *:*
UDP 0.0.0.0:17 *:*
UDP 0.0.0.0:19 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:1028 *:*
UDP 0.0.0.0:1602 *:*
UDP 0.0.0.0:1604 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:1027 *:*

------------ END

 

[Chuck]

I used to run the DNS server, Treewalk. I took it out although it was a
bit messy to uninstall it. Maybe there are some remnants I should
remove by hand?

Now I get the following output on a netstat.
Seems like a lot of stuff there.
Are those 0.0.0.0 entries a possible source of worry?
Maybe my Avast antivirus is causing a lot of it?

Is there a problem, or are you just looking at references to the loopback
address?

If you have Avast, that's probably most of it. You can get Port Explorer, and
Process Explorer, and see it a bit clearer.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#DiamondCS
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#ProcessExplorer>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#ProcessExplorer

 

[q_q_anonymous]

I used to run the DNS server, Treewalk. I took it out although it was a
bit messy to uninstall it. Maybe there are some remnants I should
remove by hand?

Now I get the following output on a netstat.
Seems like a lot of stuff there.

the *technical thing to do* (if you've got the kahunas) would be as you
suggest. To change the first entry back to whatever it was, since you
are no longer running a local DNS server.

Are those 0.0.0.0 entries a possible source of worry?

what do you have on there? a map to a treasure?
if so, rename the image of the map to a txt file, call it readme.txt
and put it in the windows directory. The cracker will probably not look
at it.

i.e. even if you did have some spyware on there, I wouldn't WORRY. I
don't do online banking either.

Maybe my Avast antivirus is causing a lot of it?

<snip>

chuck mentioned 2 good progs. port explorer and process explorer. so
you can investigate further.

if it is avast causing the many entries, it'd be nice if you could
report back what ports avast is using and why? (use port explorer)

a normal anti-virus program shouldn't have to listen on ports. I wonder
what else it does?
Even if it looked for trojans I don't see an excuse. If it had a
firewall(im sure it doesn't btw). If it looked for spyware. None of
these are reasons for it to do that.

 

[N. Miller]

Are those 0.0.0.0 entries a possible source of worry?

No. That only means, "All Adapters". If you have multiple network
adapters, each with its own IP address, then all of the adapters are
listening. I run Mercury/32, an MTA, and have the SMTP server set with a
blank in the adapter field. The netstat result looks like this:

| TCP 0.0.0.0:24 0.0.0.0:0 LISTENING
| TCP 0.0.0.0:25 0.0.0.0:0 LISTENING

If I change the adapter field, and specify a particular adapter by IP
address, that changes:

| TCP 172.29.61.1:24 0.0.0.0:0 LISTENING
| TCP 172.29.61.1:25 0.0.0.0:0 LISTENING

Or:

| TCP 192.168.102.100:24 0.0.0.0:0 LISTENING
| TCP 192.168.102.100:25 0.0.0.0:0 LISTENING

So it is okay to see an all zero IP address in your netstat result.

 

[Andy]

Is there a problem, or are you just looking at references to the
loopback address?

If you have Avast, that's probably most of it. You can get Port
Explorer, and Process Explorer, and see it a bit clearer.
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-a
nd.html#DiamondCS>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-an
d.html#DiamondCS
<http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-a
nd.html#ProcessExplorer>
http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-an
d.html#ProcessExplorer

Great links.

Hold on. Is that your web site? Tremendous info. They are all
freeware aren't they?

 

[Chuck]

Great links.

Hold on. Is that your web site? Tremendous info. They are all
freeware aren't they?

Avast and Process Explorer are free. Port Explorer has a free version, and a
paid version.