DNS PTR Lookup loop


Postby KazuyaKan » Oct 05 04 5:09 pm

Yesterday I started to get a very big problem with WinGate. For some reason, it will get into a "DNS: PTR lookup "xxx.xxx.xxx.xxx.in.addr.arpa" loop, and it will not stop. It will literally saturate my connection with hundreds of requests and will not stop. I won't be able to do anything else because the lag gets so bad. No web, no email, no gaming or anything else internet related. I have to go to GateKeeper and stop the DNS service, then restart just to get back to normal, but eventually, it happens again. Seems to happen with unresolvable IPs. Is there a way to stop this? I tried lowering the Timeout setting in the DNS Service tab, but it hasn't helped at all.
KazuyaKan
 
Posts: 6
Joined: Sep 29 04 3:53 am

Postby Pascal » Oct 05 04 5:18 pm

Are you running in an Active Directory environment?

We've seen this problem when a loop exists between the AD controller and WinGate. With versions of 6.x you can resolve this by adding the IP of your AD Controller using the Advanced Options tool.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby KazuyaKan » Oct 05 04 6:24 pm

Pascal wrote: Are you running in an Active Directory environment?

We've seen this problem when a loop exists between the AD controller and WinGate. With versions of 6.x you can resolve this by adding the IP of your AD Controller using the Advanced Options tool.


No. No AD environment. In fact, no users set up or anything at all. Just a pure NAT environment with port forwarding for the WWW proxy. In fact, I believe this started when I bound the proxy server to all available connections. Since I'm running a web server on the same PC (not the WinGate web server), I had to set the WWW proxy service to listen to port 80 on all connections. That way, when server requests were made, it would forward them to the correct web server port, so that it would be protected behind the gateway, and not just open to the internet. Could this be the problem?
KazuyaKan
 
Posts: 6
Joined: Sep 29 04 3:53 am

Postby Pascal » Oct 06 04 9:37 am

It does not sound as if it's causing the problem. Where is that PTR lookup originating from? Is it from a client machine or the WinGate machine itself?

Which version of WinGate are you currently using?

Would it be possible for you to capture the DNS/WINS Resolver log when this problem occurs and email it to me, please? My email address is listed in my profile.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby adrien » Oct 06 04 12:20 pm

Most likely the PTR lookup is WinGate itself.

It does a PTR lookup for any IP address that connects to it.

Make sure in the DNS settings in your OS, and in WinGate's resolver, that NO WinGate IP address (or localhost - 127.0.0.1) is in there, otherwise you are telling WinGate to ask itself questions, which creates a loop.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby sysmaster » Oct 12 04 2:03 pm

Most likely the PTR lookup is WinGate itself.

Hi Adrien,

Q.E.D., I ran into the same problem last night (better said, the server) and found a 1.5GB DNS logfile this morning.

Reason: one of the network ports had a DNS pointing to WinGate; however, that port was deactivated and not connected to a network
(the server has 5 network ports, 2 are unused).
Shouldn't WG ignore them, including their parameters?

Luke
sysmaster
 
Posts: 3
Joined: Oct 02 03 9:13 pm

Same problem

Postby moocow » Oct 16 04 11:10 am

I seem to be having the same problem. Configuration report and logfile sample as follows:


1.01 WINGATE CONFIGURATION REPORT
1.02 Friday, October 15, 2004, 23:54
1.03
1.04 ---------------------------------------------
1.05 WinGate Engine
1.06 ---------------------------------------------
1.07 WinGate 6.0.1 (Build 995)
1.08 Operating System: Windows 2000 (NT 5.0)
1.09 Language:
1.10 User database: WinGate
1.11 Num. users: 3
1.12
1.13
3.01 ---------------------------------------------
3.02 Licence details
3.03 ---------------------------------------------
3.04 License Key 1
3.05 Version: WinGate 4 Standard 3 concurrent users
3.06 Expiry: None
3.07
4.01 ---------------------------------------------
4.02 Dialer information
4.03 ---------------------------------------------
4.04 Dialer is enabled
4.05 Profiles:
4.06 ADSL PCI Modem (Enabled) 3 retries
4.07 Overall retries: 1
4.08
<removed irrelevant configuration information>
5.01 ---------------------------------------------
5.02 Network Interfaces
5.03 ---------------------------------------------
5.04 ADSL PCI Modem (Dialup) external
5.05 Local Area Connection (Ethernet) internal
5.06 MS TCP Loopback interface (Loopback)
5.07
6.32 DHCP Service (DHCP Service)
6.33 ---------------------------------------------
6.34 Session Timeout: 60
6.35 Port: 67
6.36 Startup: Automatic start/stop
6.37 Access Rights: Defaults: are ignored
6.38 Everyone - Unrestricted rights
6.39 Start/Stop Rights: Defaults: may be used instead
6.40 Edit Rights: Defaults: may be used instead
6.41
6.42 Winsock Redirector Service (Winsock Redirector Service)
6.43 ---------------------------------------------
6.44 Session Timeout: 600
6.45 Port: 2080
6.46 Startup: Automatic start/stop
6.47 Access Rights: Defaults: may be used instead
6.48 Start/Stop Rights: Defaults: may be used instead
6.49 Edit Rights: Defaults: may be used instead
6.50
<removed irrelevant configuration information>
6.105 DNS Service (DNS Service)
6.106 ---------------------------------------------
6.107 Session Timeout: 60
6.108 Port: 53
6.109 Startup: Automatic start/stop
6.110 Access Rights: Defaults: may be used instead
6.111 Start/Stop Rights: Defaults: may be used instead
6.112 Edit Rights: Defaults: may be used instead
6.113
6.114 WWW Server for viewing log files (Logfile Server)
6.115 ---------------------------------------------
6.116 Session Timeout: 60
6.117 Port: 8010
6.118 Startup: Automatic start/stop
6.119 Access Rights: Defaults: may be used instead
6.120 Start/Stop Rights: Defaults: may be used instead
6.121 Edit Rights: Defaults: may be used instead
6.122
<removed irrelevant configuration information>
7.01 ---------------------------------------------
7.02 System Route Table
7.03 ---------------------------------------------
7.04 Current Route Table:
7.05 ---------------------------------------------
7.06 Network Mask Gateway Interface Metric
7.07 0.0.0.0 0.0.0.0 217.132.48.6 217.132.48.6 1
7.08 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
7.09 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 1
7.10 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1
7.11 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1
7.12 212.143.205.246 255.255.255.255 217.132.48.6 217.132.48.6 1
7.13 217.132.48.6 255.255.255.255 127.0.0.1 127.0.0.1 1
7.14 217.132.48.255 255.255.255.255 217.132.48.6 217.132.48.6 1
7.15 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1
7.16 224.0.0.0 224.0.0.0 217.132.48.6 217.132.48.6 1
7.17 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1
7.18
8.01 ---------------------------------------------
8.02 Enhanced Network Support
8.03 ---------------------------------------------
8.04 Enhanced Network Support: Qbik NDIS Hook 6.0 - Installed and active
8.05 Driver: Enabled
8.06 NAT: Enabled
8.07 Router: Enabled
8.08 Firewall level: Custom
8.09
8.10 Firewall
8.11 ---------------------------------------------
8.12 Disable network name broadcasts to the Internet: Enabled
8.13 Allow users to ping this machine locally: Enabled
8.14 Allow users to ping this machine from the Internet: Disabled
8.15 Discard spoofed packets: Enabled
8.16
8.17 Routing
8.18 ---------------------------------------------
8.19 Multiple default routes: Enabled
8.20 Relay UDP broadcast packets: Enabled
8.100
<removed irrelevant configuration information>
9.02 END OF CONFIGURATION REPORT


Partial logfile: (starts with normal traffic and begins to loop)

10/15/04 12:59:32 Request: request [0ae3ed10] PTR lookup "202.111.126.207.in-addr.arpa."
10/15/04 12:59:43 Request: request [0ad3d5e8] A lookup "x3.extreme-dm.com."
10/15/04 12:59:44 Request: request [0ad3d5e8] A lookup "www.associmg.com."
10/15/04 12:59:44 Request: request [036b9008] A lookup "rewrite.amazon.com."
10/15/04 12:59:44 Request: request [0ae3d5e8] A lookup "www.associmg.com."
10/15/04 12:59:44 Request: request [03399008] A lookup "rewrite.amazon.com."
10/15/04 12:59:53 Request: request [0ad3d5e8] A lookup "www.goldenhour.co.il."
10/15/04 12:59:54 Request: request [0ad3d5e8] A lookup "x3.extreme-dm.com."
10/15/04 12:59:54 Request: request [0ae3d5e8] A lookup "www.goldenhour.co.il."
10/15/04 12:59:54 Request: request [0af3d5e8] A lookup "www.goldenhour.co.il."
10/15/04 12:59:56 Request: request [0ae3d5e8] A lookup "www.ncbi.nlm.nih.gov."
10/15/04 12:59:57 Request: request [0af3d5e8] A lookup "www.ncbi.nlm.nih.gov."
10/15/04 13:00:26 Request: request [03399008] A lookup "www.google.com."
10/15/04 13:00:26 Request: request [0b13ed10] PTR lookup "99.9.102.66.in-addr.arpa."
10/15/04 13:00:31 Request: request [0b23ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:33 Request: request [0b33ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:33 Request: request [03399008] A lookup "www.dotomi.co.il."
10/15/04 13:00:33 Request: request [0b33ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:34 Request: request [0b33ed10] PTR lookup "34.30.232.207.in-addr.arpa."
10/15/04 13:00:34 Request: request [03399008] A lookup "resources.dotomi.com."
10/15/04 13:00:34 Request: request [0b43ed10] PTR lookup "34.30.232.207.in-addr.arpa."
10/15/04 13:00:35 Request: request [03399008] A lookup "www.dtmpub.com."
10/15/04 13:00:35 Request: request [0b53ed10] PTR lookup "34.30.232.207.in-addr.arpa."
10/15/04 13:00:35 Request: request [0b63ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:35 Request: request [0b73ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:35 Request: request [0b83ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:37 Request: request [0b93ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:38 Request: request [0b93ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:38 Request: request [0ba3ed10] PTR lookup "18.32.0.62.in-addr.arpa."
10/15/04 13:00:39 Request: request [0bb3ed10] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:43 Request: request [0bc3d5e8] A lookup "www.ncbi.nlm.nih.gov."
10/15/04 13:00:43 Request: request [03399008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:46 Request: request [0bd3d5e8] A lookup "www.ncbi.nlm.nih.gov."
10/15/04 13:00:46 Request: request [036b9008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:47 Request: request [0269d558] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:50 Request: request [026a4008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:50 Request: request [03632008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:51 Request: request [02757028] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:52 Request: request [0be3ed10] PTR lookup "8.12.118.192.in-addr.arpa."


And another section where the loop is a bit different:

10/15/04 13:01:13 Request: request [034a7008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Request: request [033c0008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Request: request [035ef008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Request: request [0281a008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Request: request [03163610] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Request: request [027d0008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Error: bounce request [03376a88]<2> to try 3 (no good servers)
10/15/04 13:01:13 Error: bounce request [033a94d0]<2> to try 3 (no good servers)
10/15/04 13:01:13 Error: bounce request [033bc278]<2> to try 3 (no good servers)
10/15/04 13:01:13 Error: bounce request [033c9168]<2> to try 3 (no good servers)
10/15/04 13:01:13 Error: bounce request [034044a8]<2> to try 3 (no good servers)
10/15/04 13:01:13 Error: bounce request [03408c98]<2> to try 3 (no good servers)
10/15/04 13:01:13 Error: bounce request [03460300]<2> to try 3 (no good servers)
10/15/04 13:01:14 Error: bounce request [0346b4c8]<2> to try 3 (no good servers)
10/15/04 13:01:14 Error: bounce request [034b21c0]<2> to try 3 (no good servers)
10/15/04 13:01:14 Error: bounce request [0351b2a0]<2> to try 3 (no good servers)
10/15/04 13:01:14 Error: bounce request [03635290]<2> to try 3 (no good servers)
10/15/04 13:01:14 Request: request [03342288] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Error: bounce request [03342288]<1> to try 3 (no specific and cannot select)
10/15/04 13:01:14 Request: request [02788548] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Error: bounce request [02788548]<1> to try 3 (no specific and cannot select)
10/15/04 13:01:14 Request: request [037ab2b0] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Error: bounce request [037ab2b0]<1> to try 3 (no specific and cannot select)
10/15/04 13:01:14 Request: request [0376e0b8] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Error: bounce request [0376e0b8]<1> to try 3 (no specific and cannot select)
10/15/04 13:01:14 Request: request [026a4008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Error: bounce request [026a4008]<1> to try 3 (no specific and cannot select)
10/15/04 13:01:14 Request: request [03585890] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Error: bounce request [03585890]<1> to try 3 (no specific and cannot select)
10/15/04 13:01:14 Request: request [02729178] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Request: request [03580498] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Request: request [03321590] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Request: request [035eb008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:14 Request: request [03201f30] PTR lookup "8.12.118.192.in-addr.arpa."

And so on.

The request for the addresses originates from the WinGate machine itself; furthermore, the loop may occur even if all other machines on the network are shut down. I have checked the DNS settings in the Windows' lmhosts files and commented out the localhost insert; this does not solve the problem.

Any comments?
moocow
 
Posts: 1
Joined: Oct 16 04 10:22 am
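
A way to spot this loop in a DNS log before the file grows to gigabytes, as an added example that is not part of the original post and is not Qbik's code: it parses lines in the format shown in the excerpt above and flags any query repeated many times inside a short window. The function name, the threshold of 5 repeats and the 10-second window are assumptions chosen for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Lines copied from the log excerpt in the post above (a subset, for a short demo).
SAMPLE_LOG = '''\
10/15/04 13:00:26 Request: request [03399008] A lookup "www.google.com."
10/15/04 13:00:26 Request: request [0b13ed10] PTR lookup "99.9.102.66.in-addr.arpa."
10/15/04 13:00:43 Request: request [03399008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:46 Request: request [036b9008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:47 Request: request [0269d558] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:50 Request: request [026a4008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:50 Request: request [03632008] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:51 Request: request [02757028] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:00:52 Request: request [0be3ed10] PTR lookup "8.12.118.192.in-addr.arpa."
10/15/04 13:01:13 Error: bounce request [03376a88]<2> to try 3 (no good servers)
10/15/04 13:01:14 Error: bounce request [03342288]<1> to try 3 (no specific and cannot select)
'''

REQUEST = re.compile(r'^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) Request: request '
                     r'\[[0-9a-f]+\] (\w+) lookup "([^"]+)"')
BOUNCE = re.compile(r'^\d\d/\d\d/\d\d \d\d:\d\d:\d\d Error: bounce request ')

def find_lookup_loops(log_text, threshold=5, window_seconds=10):
    """Return ({(qtype, name): peak repeats inside the window}, bounce_error_count)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (qtype, name) -> timestamps still inside the window
    peaks, bounces = {}, 0
    for line in log_text.splitlines():
        if BOUNCE.match(line):
            bounces += 1
            continue
        m = REQUEST.match(line)
        if not m:
            continue              # unknown line type: skip it rather than fail
        ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
        key = (m.group(2), m.group(3).lower())
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()        # drop timestamps that fell out of the window
        if len(seen) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks, bounces

if __name__ == "__main__":
    print(find_lookup_loops(SAMPLE_LOG))
```

Single lookups such as the one for www.google.com stay below the threshold; only the repeated PTR name is reported, along with the number of bounce errors.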

Postby adrien » Oct 16 04 8:53 pm

sysmaster wrote: Most likely the PTR lookup is WinGate itself.

Hi Adrien,

Q.E.D., I ran into the same problem last night (better said, the server) and found a 1.5GB DNS logfile this morning.

Reason: one of the network ports had a DNS pointing to WinGate; however, that port was deactivated and not connected to a network
(the server has 5 network ports, 2 are unused).
Shouldn't WG ignore them, including their parameters?

Luke


WinGate uses whatever servers are advertised by the OS. I think Windows is not particularly strict about DNS, just puts it into the adapter properties, but I believe they are global settings. I.e. I don't think Windows 2000 actually uses a different DNS server depending on adapter, because it won't know which adapter it is using until it looks up the name first to find the route to find the adapter.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
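
The check suggested in the replies above (no WinGate address or localhost among the DNS servers, on any adapter, connected or not), as an added example that is not part of the thread and is not Qbik's code. The adapter inventory is constructed for the demo and the function name is hypothetical; on a real host the addresses and DNS servers would come from the OS adapter settings.

```python
import ipaddress

# Constructed inventory: adapter -> (own addresses, configured DNS servers, connected?).
# The 203.0.113.x resolver and the unused adapter are illustrative values only.
ADAPTERS = {
    "Local Area Connection": (["192.168.0.1"], ["127.0.0.1", "203.0.113.53"], True),
    "ADSL PCI Modem": (["217.132.48.6"], ["203.0.113.53"], True),
    "Unused port": (["10.0.4.1"], ["192.168.0.1"], False),
}

def self_referencing_dns(adapters):
    """Return (adapter, dns_server, reason) for every DNS entry that points back at this host."""
    # Every address the host owns counts, whichever adapter it sits on.
    own = {ipaddress.ip_address(a)
           for addrs, _, _ in adapters.values() for a in addrs}
    findings = []
    for name, (_, dns_servers, connected) in adapters.items():
        for server in dns_servers:
            ip = ipaddress.ip_address(server)
            if ip.is_loopback:            # all of 127.0.0.0/8 and ::1
                reason = "loopback"
            elif ip in own:
                reason = "own address"
            else:
                continue
            # A disconnected adapter is still checked: per the reply above,
            # WinGate uses whatever servers the OS advertises.
            if not connected:
                reason += "; adapter not connected"
            findings.append((name, server, reason))
    return findings

if __name__ == "__main__":
    for finding in self_referencing_dns(ADAPTERS):
        print(*finding, sep=" | ")
```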

