Posted by Moe Trin on December 9, 2005, 2:58 pm
On Fri, 09 Dec 2005, in the Usenet newsgroup comp.security.firewalls, in article
>I am on a cable connection in the UK with no other PCs or printers
>attached.
>I downloaded and installed "TreeWalk DNS" a week ago on my XP Pro
>system.
Remember that. By the way, why did you do this?
>I have to say I am not particularly familiar with the technical details
>of DNS lookups.
Then the 'Grasshopper' book ('DNS & BIND', Paul Albitz and Cricket Liu,
O'Reilly and Assoc., 4th edition, ISBN 0-596-00158-4, 622 pgs, US$45) is
probably far too complex, though it has more than enough details. Section
5.1 of the Linux 'DNS-HOWTO' (find it at hundreds of sites on the web)
should give the background you are missing.
>These entries have worried me because for the last week my PC has
>been hesitating for several seconds before connecting to servers such
>as (http://www.google.com or an NNTP news server) for the first
>time. Subsequent connections seem as fast as usual.
Think it might have something to do with installing "TreeWalk DNS"? You
would be right.
>1: Which entries below are expected and which are unusual?
They look normal for a DNS server. Why are you running one?
>2: Have I got some subtle malware on my system?
PEBCAK (Problem Exists Between Chair And Keyboard)
>4: Should I remove Treewalk or does it make no difference?
Or at least disable it, and use your ISP's name servers like everyone else.
>(4) In most cases, 70 bytes were sent and none received but for
>192.5.6.30 (for which the IP lookup keeps failing) there was as much
>as 10 KB of traffic in each direction!
Those are mainly top level domain servers - which you should not be
bothering. A normal name server caches this information resulting in
a tiny fraction of the loads. Your box is asking the same questions
all the time, rather than getting the information from cache. That
explains your delays.
Old guy
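
The caching effect described in the reply above, as an added example that is not part of the original post: a toy iterative resolver that counts how many queries reach the root, TLD and authoritative tiers with and without a cache. The zone table, TTLs and lookup sequence are constructed for illustration and do not model any particular DNS product.

```python
from collections import Counter

# Constructed data: zone -> (tier of its servers, TTL in seconds of what they hand out)
ZONES = {"": ("root", 172800), "com": ("tld", 172800),
         "google.com": ("auth", 300), "example.com": ("auth", 300)}

class Resolver:
    def __init__(self, use_cache=True):
        self.use_cache = use_cache
        self.cache = {}        # ("ns", zone) or ("a", name) -> expiry time
        self.sent = Counter()  # queries sent, per server tier

    def _fresh(self, key, now):
        return self.use_cache and self.cache.get(key, 0) > now

    def resolve(self, name, now):
        """Resolve name at time now; return the number of queries sent."""
        if self._fresh(("a", name), now):
            return 0  # answered entirely from cache
        labels = name.split(".")
        # Enclosing zones, root first: "", "com", "google.com"
        chain = [""] + [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]
        chain = [z for z in chain if z in ZONES]
        # Start at the deepest zone whose delegation is still cached
        start = 0
        for i, zone in enumerate(chain):
            if i > 0 and self._fresh(("ns", zone), now):
                start = i
        for i in range(start, len(chain)):
            tier, ttl = ZONES[chain[i]]
            self.sent[tier] += 1
            # Each reply is a referral to the next zone, or the final answer
            key = ("ns", chain[i + 1]) if i + 1 < len(chain) else ("a", name)
            self.cache[key] = now + ttl
        return len(chain) - start

def replay(use_cache):
    """Replay a constructed lookup sequence; return queries sent per tier."""
    r = Resolver(use_cache)
    lookups = [(0, "www.google.com"), (5, "www.google.com"),
               (10, "news.google.com"), (20, "www.example.com"),
               (400, "www.google.com")]  # (time in seconds, name)
    for now, name in lookups:
        r.resolve(name, now)
    return dict(r.sent)

if __name__ == "__main__":
    print("no cache:  ", replay(False))
    print("with cache:", replay(True))
```
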