0

Sniffing (using Wireshark), for didactical purpose, my loopback interface on Ubuntu 12.04, I noticed that a lot of DNS queries (maybe ALL of them) have 127.0.0.1 as source and destination address.

Why?

P.S. I can find the same DNS queries, obviously, on the interface connected to the Internet.

Improve this question
3
  • 1
    Do you have dnsmasq installed?
    – page4096
    Commented Nov 6, 2012 at 14:24
  • I have dnsmasq, but I don't know if it's active.
    – JustTrying
    Commented Nov 6, 2012 at 14:29
  • type in 'sudo /etc/init.d/dnsmasq status', if it's active, all DNS requests are forwarded to dnsmasq first, if the request is cached you'll get 0 ms query time, otherwise it gets forwarded to DNS servers, which will get cached.
    – page4096
    Commented Nov 6, 2012 at 17:20

1 Answer 1

Reset to default
1

Applications are querying a local resolver cache, which is then querying a remote resolver. Most likely, the local resolver is implementing a cross-application cache. That way, if two programs both resolve google.com, there won't be two remote requests.

Improve this answer
2
  • Is it mandatory to query a local cache? Is it possible to query directly a DNS server on the web? I'm asking because I tried to DROP (using iptables) all the traffic but that outgoing from the interface connected to the Internet, and doing this I can't use a web browser because it makes DNS queries on local cache.
    – JustTrying
    Commented Nov 6, 2012 at 14:56
  • 1
    Turn off nscd. Just stop the service.
    – David Schwartz
    Commented Nov 6, 2012 at 15:03

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .