July 24th, 2006 10:34 PM
DNS client service
Hello Lovely people, got a brain picker here for you. Of late, because of the silly wireless configuration here, sometimes I lose connection to the internet on this xp machine, usually if I have not been on it for say 10 mins. Then when i return and go on the net, it can't resolve anything.
Now up till now, I have been rebooting which, frankly, is a pain, so I nosed about a bit, had a little think, found the services of which I am familiar on windows 95 and 98 OS, and had a snoot about, and restarted the DNS client service, and hey presto, problem solved.
Now I looked on the net, and found a bit saying that this service is not needed, and is recomended disabled, and claims that all that happens is that you go further upstream to resolve names.
Can anyone give me a little more info on this and it's implications for security, stealthand general PC health please.
Sarcasm is a way of life
July 25th, 2006 07:27 AM
What the DNS client does
Basically, the DNC client is a DNS cache - hence it stores resolved addresses
1. fire up Ethereal (Wireshark)
2. Clear the DNS cache: ipconfig /flushdns
3. load http://www.google.com -> Your DNS server is explicitly asked.
4. load http://www.google.com a second time -> The IP number is resolved locally.
If the DNS client is disabled, you will always contact your DNS server to
resolve the name. This slows down the reaction time of your "system"
slightly - very slightly.
If the DNS client is running, several UDP ports are being opened, listening
for 0.0.0.0 (everyone), by a service called dnsrslvr.dll, which runs under
the context of svchost. Using netstat -ano and tasklist /SVC
for further information.
1.thought: On the one hand, a service more increases the complexity of your
system, hence lowers its "security".
2.thought: On the other hand, this particular service allows you to visit
webpages (for example), even if your DNS servers are down. Unlikely, but
3.thought: If the service is not locked down (or your firewall is not configured
properly), you may give some attack surface for DNS poisoning/spoofing from
remote (has happened with bind4; in another context with the DNS cache of
the ISA 2k).
My recommendation: Disable it - if you realise that something is not working
properly, turn it on - but configure your firewall properly (Are you part
of a LAN?).
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)