Results 1 to 2 of 2

Thread: DNS client service

  1. July 24th, 2006, 10:34 PM #1
    JonnyFrond
    JonnyFrond is offline
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238

    DNS client service

    Hello Lovely people, got a brain picker here for you. Of late, because of the silly wireless configuration here, sometimes I lose connection to the internet on this xp machine, usually if I have not been on it for say 10 mins. Then when i return and go on the net, it can't resolve anything.

    Now up till now, I have been rebooting which, frankly, is a pain, so I nosed about a bit, had a little think, found the services of which I am familiar on windows 95 and 98 OS, and had a snoot about, and restarted the DNS client service, and hey presto, problem solved.

    Now I looked on the net, and found a bit saying that this service is not needed, and is recomended disabled, and claims that all that happens is that you go further upstream to resolve names.

    Can anyone give me a little more info on this and it's implications for security, stealthand general PC health please.

    Jonnypants Snootlefork
    Sarcasm is a way of life
    Reply With Quote Reply With Quote
  2. July 25th, 2006, 07:27 AM #2
    sec_ware
    sec_ware is offline
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi


    What the DNS client does

    Basically, the DNC client is a DNS cache - hence it stores resolved addresses
    locally.
    E.g.
    1. fire up Ethereal (Wireshark)
    2. Clear the DNS cache: ipconfig /flushdns
    3. load http://www.google.com -> Your DNS server is explicitly asked.
    4. load http://www.google.com a second time -> The IP number is resolved locally.

    If the DNS client is disabled, you will always contact your DNS server to
    resolve the name. This slows down the reaction time of your "system"
    slightly - very slightly.

    dnsrslvr.dll

    If the DNS client is running, several UDP ports are being opened, listening
    for 0.0.0.0 (everyone), by a service called dnsrslvr.dll, which runs under
    the context of svchost[1]. Using netstat -ano and tasklist /SVC
    for further information.


    Security implications

    1.thought: On the one hand, a service more increases the complexity of your
    system, hence lowers its "security".
    2.thought: On the other hand, this particular service allows you to visit
    webpages (for example), even if your DNS servers are down. Unlikely, but
    possible (availability).

    3.thought: If the service is not locked down (or your firewall is not configured
    properly), you may give some attack surface for DNS poisoning/spoofing from
    remote (has happened with bind4; in another context with the DNS cache of
    the ISA 2k).


    My recommendation: Disable it - if you realise that something is not working
    properly, turn it on - but configure your firewall properly (Are you part
    of a LAN?).

    Cheers

    [1] http://www.antionline.com/showthread...hreadid=264811
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules