Making local DNS cache server work with L'n'S + Phantom v6

Discussion in 'LnS English Forum' started by halcyon, Nov 24, 2004.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Ok, I'm now running L'n'S 2.5p2 d1 pretty ok with Phantom v6 ruleset, thanks to the help of many in this forum.

    However, I still have some trouble, which I can't seem to be able to nail down or figure out for myself.

    I have the situation as follows:

    0. Windows XP own DNS service turned off.

    1. Windows XP, ethernet -> ADSL connection (DNS server in ADSL modem turned off)

    2. XP Network connection / TCP-IP setting has 127.0.0.1 (localhost) as primary dns server. xx.yy.zz.pp as a secondary (this is my isp's primary dns).

    3. AnalogX FastCache running as a DNS relay/cache at 127.0.0.1.

    4. L'n'S has authorized access for FastCache

    5. "DNS-Allowed-1" rule from Phantom v6 is active and modified as follows:

    Destination: Equal or = 127.0.0.1 / xx.yy.zz.pp
    Destination port: Equals = 53 domain

    6. The above rule is active, high on my list (after Invalid UDP blocking rules) and configured to allow traffic in both directions.

    Now my problem:

    When doing "nslookup www.yahoo.com" from XP command line I sometimes get:

    DNS request timed out.
    timeout was 2 seconds.
    *** Can't find server name for address 127.0.0.1: Timed out
    Server: my.isp.dns.com
    Address: xx.yy.zz.pp

    So, the nslookup cannot access fastcache dns at 127.0.0.1 (the primary dns of my network connection) and switches to the secondary dns (xx.yy.zz.pp).

    Of course, this defeats the purpose, as I want fast, configurable and local DNS caching via FastCache.

    Also, DNS lookups via Firefox seem REALLY slow and the likelihood of failed dns queries is very high (i.e. I get a "no such host").


    The problem I have defies simple explanation to me.

    Sometimes DNS at 127.0.0.1 works both from browsers AND from command line "nslookup" query.

    This is confirmed by FastCache logs.

    Also, when the network app -> Fastcache query works, there is NO entry in the L'n'S LOG (regardless of what logging I have configured on).

    Only when my system reverts to using secondary dns (which is NOT localhost), does L'n'S log DNS queries.

    I have not been able to find out, why my system switches over from using primary (127.0.0.1) dns to secondary (xx.yy.zz.pp) dns or when it does that.

    I'm at loss to explain this.

    Can anybody suggest things to try out or to discover?

    I acknowledge the fact that this could be a completely L'n'S-unrelated issue.

    However, I've only come across this since I installed L'n'S on my machine.

    I'm sure it's just a stupid user error, but I can't figure out where or how :)

    Thanks!

    best regards,
    halcyon
     
    Last edited: Nov 24, 2004
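
Added example, not part of the original thread: a small Python probe that sends A-record queries straight to the local cache at 127.0.0.1 with the same 2-second timeout nslookup reported, so timeouts at the primary resolver can be counted separately from the Windows fallback to the secondary. The function names and sample hostnames are assumptions made for illustration.

```python
import socket, struct, time

def build_query(name, qid):
    """Minimal DNS A/IN query (RFC 1035) with the recursion-desired flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_reply(data, qid):
    """Return (rcode, answer_count); raise ValueError if this is not our reply."""
    if len(data) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("ID mismatch or QR bit not set")
    return flags & 0x000F, ancount

def probe(server, name, qid, timeout=2.0, port=53):
    """One UDP query. Returns (status, elapsed_ms); status is ok, rcode=N, timeout or error."""
    start = time.monotonic()
    status = "ok"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)  # 2 s matches the nslookup timeout quoted in the post
        try:
            s.sendto(build_query(name, qid), (server, port))
            rcode, _ = parse_reply(s.recvfrom(512)[0], qid)
            if rcode != 0:
                status = "rcode=%d" % rcode
        except socket.timeout:
            status = "timeout"  # query or reply dropped, or the cache answered too late
        except (OSError, ValueError):
            status = "error"    # e.g. nothing listening on the port, or a bad reply
    return status, (time.monotonic() - start) * 1000.0

def summarize(results):
    """Count statuses and report the slowest successful reply in milliseconds."""
    counts = {}
    for status, _ in results:
        counts[status] = counts.get(status, 0) + 1
    ok_ms = [ms for status, ms in results if status == "ok"]
    return counts, (max(ok_ms) if ok_ms else None)

if __name__ == "__main__":
    # 127.0.0.1 is the local cache from the post; the names are sample lookups.
    names = ["www.yahoo.com", "example.com", "example.org"] * 5
    results = [probe("127.0.0.1", n, 0x4000 + i) for i, n in enumerate(names)]
    print(summarize(results))
```

Running it while watching the FastCache and L'n'S logs shows whether a timed-out query was ever logged by the cache, which helps separate a slow upstream lookup from a packet that never arrived.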
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  3. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks.

    I read through the whole thread.

    I don't really understand how that thread applies to my situation.

    One by one going through that thread:


    1) HOSTS file. Yes I use one, but my problem refers to hosts NOT listed in the hosts file

    2) Infection. No infections (TDS3, KAV, NOD32, AntiVIR, BitDefender, EWSS, A2 checked and protected, services pruned, security policies installed, yadda yadda)

    3) Windows DNS relay/cache related services. I'm not using Windows XP DNS at all, it's turned off completely.

    4) Remote proxies. No remote proxies in use.

    5) WinXP Network connection DNS search order (127.0.0.1 is the primary/first in active Ethernet connection TCP/IP configuration and correctly defined).

    6) IE related problems. Not using IE.


    Again, my problem is:

    Sometimes WinXP active Network connection uses the primary/first DNS at 127.0.0.1

    Sometimes it can't find it and defaults to the secondary DNS (next on the list of defined DNS servers).

    I haven't been able to track down why it changes from primary (local) dns to secondary dns (remote).

    If anybody has an idea, please chime in.

    Thanks!
     
    Last edited: Nov 24, 2004
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Did you read it, since wiseguy posted some identical information that could be found in the links that were posted in the thread? http://www.dslreports.com/forum/remark,11943688~mode=flat

    If you also go to some of those links it will help, I think, but I'm not sure what is misconfigured on your PC, or how you have it set up manually, or if a third-party program you have on your PC is causing the problem.
     
  5. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I've now read it three times :)

    And Wiseguy didn't post any information pertaining to my situation, only about HOST/DNS priority and external proxies (neither of which applies to my situation).

    Thanks for trying to help.

    I'll try to keep figuring this out myself.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  7. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Yes, I'm running KB884020 tcpip.sys.
     