Re: Advice pls on what is happening on my system


comp.security.firewalls archive


From: Moe Trin <ibuprofin@painkiller.example.tld>
Date: Fri Dec 09 2005 - 20:58:48 CET

On Fri, 09 Dec 2005, in the Usenet newsgroup comp.security.firewalls, in article
<9727683DD319D51D7E@66.250.146.159>, Alix wrote:

>I am on a cable connection in the UK with no other PCs or printers
>attached.

>I downloaded and installed "TreeWalk DNS" a week ago on my XP Pro
>system.

Remember that. By the way, why did you do this?

>I have to say I am not particularly familiar with the technical details
>of DNS lookups.

Then the 'Grasshopper' book ('DNS & BIND', Paul Albitz and Cricket Liu,
O'Reilly and Assoc., 4th edition, ISBN 0-596-00158-4, 622 pgs, US$45) is
probably far too complex, though it has more than enough details. Section
5.1 of the Linux 'DNS-HOWTO' (find it at hundreds of sites on the web)
should give the background you are missing.

>These entries have worried me because for the last week my PC has
>been hesitating for several seconds before connecting to servers such
>as (http://www.google.com or an NNTP news server) for the first
>time. Subsequent connections seem as fast as usual.

Think it might have something to do with installing "TreeWalk DNS"? You
would be right.

>1: Which entries below are expected and which are unusual?

They look normal for a DNS server. Why are you running one?

>2: Have I got some subtle malware on my system?

PEBCAK (Problem Exists Between Chair And Keyboard)

>4: Should I remove Treewalk or does it make no difference?

Or at least disable it, and use your ISP's name servers like everyone else.

>(4) In most cases, 70 bytes were sent and none received but for
>192.5.6.30 (for which the IP lookup keeps failing) there was as much
>as 10 KB of traffic in each direction!

Those are mainly top level domain servers - which you should not be
bothering. A normal name server caches this information resulting in
a tiny fraction of the loads. Your box is asking the same questions
all the time, rather than getting the information from cache. That
explains your delays.

        Old guy
Received on Sun Dec 11 14:24:57 2005
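
The caching point made in the reply above, as an added illustration that is not part of the original post: a toy model of iterative resolution that counts the queries sent to each server tier with and without a cache. The zone names, server labels and TTLs are constructed assumptions.

```python
from collections import Counter

# Constructed delegation data (assumed values): zone -> (server label, referral TTL in s).
DELEGATIONS = {
    ".": ("root-server", 518400),
    "com.": ("com-tld-server", 172800),
    "example.com.": ("example-auth-server", 3600),
}
ANSWER_TTL = 300  # constructed TTL for the final A record

def zones_for(name):
    """Zone chain from the root down, e.g. ['.', 'com.', 'example.com.']."""
    labels = name.rstrip(".").split(".")
    suffixes = (".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1))
    return ["."] + [z for z in suffixes if z in DELEGATIONS]

class Resolver:
    def __init__(self, use_cache):
        self.use_cache = use_cache
        self.cache = {}        # (record type, name) -> expiry time
        self.sent = Counter()  # server label -> queries sent upstream
    def _fresh(self, key, now):
        return self.use_cache and self.cache.get(key, -1) > now
    def resolve(self, name, now):
        """Resolve name at time `now`; return the number of upstream queries."""
        if self._fresh(("A", name), now):
            return 0  # answered from cache, nothing leaves the box
        chain = zones_for(name)
        # Start at the deepest zone whose referral is still cached.
        start = next((i for i in range(len(chain) - 1, 0, -1)
                      if self._fresh(("NS", chain[i]), now)), 0)
        for i in range(start, len(chain)):
            self.sent[DELEGATIONS[chain[i]][0]] += 1
            if i + 1 < len(chain):  # referral to the next zone down
                child = chain[i + 1]
                self.cache[("NS", child)] = now + DELEGATIONS[child][1]
        self.cache[("A", name)] = now + ANSWER_TTL
        return len(chain) - start

def simulate(use_cache, lookups=60, interval=60):
    """One lookup of the same name per minute for an hour."""
    r = Resolver(use_cache)
    for n in range(lookups):
        r.resolve("www.example.com", now=n * interval)
    return dict(r.sent)

if __name__ == "__main__":
    print("no cache:  ", simulate(False))
    print("with cache:", simulate(True))
```

Without a cache every lookup walks the whole chain, so the root and TLD tiers see one query per lookup; with a cache they are asked once and only the authoritative server is re-queried when the answer's TTL expires.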