What has "IN-ADDR.ARPA" got to do with W98?

  • Thread starter Thread starter Barry Higginbottom
  • Start date Start date
B

Barry Higginbottom

Hi

Can anyone explain or point me to where I can learn something about
"IN-ADDR.ARPA"

I have a 4 machine peer to peer network all machines run either Windows 98
or 98SE and are connected via an 8 port 10/100 switch with connection to
the Internet via a 3COM dual 56K LanModem. All machines have Kerio Personal
Firewall V2.1.5

Whenever a PC starts a connection to the Internet is started by the
LanModem. When I check the cause of the connection it is always shown as
being a connection to 0.0.0.0.IN-ADDR.ARPA

Can anyone explain this and what might be causing it?

Is it the LanModem, the Windows network, the firewall?

I don't know where to start and would welcome some suggestions.
 
Whenever a PC starts a connection to the Internet is started by the
LanModem. When I check the cause of the connection it is always shown as
being a connection to 0.0.0.0.IN-ADDR.ARPA

It's a domain name system reverse lookup. 0.0.0.0 is the default
route.
Can anyone explain this and what might be causing it?

It means that something running on your computer has requested a
connection to a domain name or ip address which isn't part of your own
network. Since it isn't on your own network, the request goes to the
default gateway causing the modem to dial up your isp.

If you don't know what's causing the dialup (it could be anything) run
msconfig and look through the programs on the startup tab which are
set to run at system startup.


Jim.
 
It's a domain name system reverse lookup. 0.0.0.0 is the default
route.
It means that something running on your computer has requested a
connection to a domain name or ip address which isn't part of your own
network. Since it isn't on your own network, the request goes to the
default gateway causing the modem to dial up your isp.

Thanks Jim, I suspect that it might be Kerio Personal Firewall that's
causing this, the only other programs that start are all the standard
Windows stuff (Power Management, Systray, etc), I don't know of any of them
that set out to connect to a domain name.

Is there any software out there that could log where this connection
originates from?

Hmm, I wonder if I could write a KPF rule to log connections to 0.0.0.0?
 
Is there any software out there that could log where this connection
originates from?

There are a few tools you might use. A free network analyzer can be
found here http://analyzer.polito.it/
Hmm, I wonder if I could write a KPF rule to log connections to 0.0.0.0?

It won't work since it is only 0.0.0.0 until the dialup completes its
ppp negotiation with your isp. This is when you get assigned your
dynamic public ip address and details of gateway, nameservers etc.


Jim.
 
There are a few tools you might use. A free network analyzer can be
found here http://analyzer.polito.it/
It won't work since it is only 0.0.0.0 until the dialup completes its
ppp negotiation with your isp. This is when you get assigned your
dynamic public ip address and details of gateway, nameservers etc.

OK Jim, I got to the bottom of the problem.

KPF2 has an option to allow DNS resolving of IP addresses for the log file.

I disabled this option (its not that important for me) and problem solved.

My LanModem was reporting that a DNS request was being made for
0.0.0.0.IN-ADDR.ARPA. For folks with a dialup connection I guess this
doesn't make DUN connect, but then I'm not using DUN and I guess that the
LANModem was doing what its supposed to do.

If anyone understands better than me whats going on they might want to
explain better, but thanks everyone for your suggestions. I got there in
the end..
 
Back
Top