constant DNS querying for 127.0.0.1

as suspected the Directory Service (DS) stuff on Leopard is actually OK...

$ dscacheutil -q host -a ip_address 127.0.0.1
name: localhost
ip_address: 127.0.0.1

whilst performing a tcpdump:
$ sudo tcpdump -A -n -i en1 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
18:03:51.903993 IP 192.168.21.100.5353 > 192.168.21.1.53: 63898+[|domain]
E..YW..........d.......5.E.y.............1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
18:03:51.923450 IP 62.31.176.39.53 > 192.168.21.100.5353: 63898 NXDomain[|domain]
E....3@...9.>..'...d.5....x3.............1.0.0.127

repeated every 3 seconds.

whatever causes this ... it does not use DS, strongly suspect a kernel related activity.

I compared your netstat and the only significant difference is that I am not running a vnc or ssh listener.

dtracing/dtrussing these processes doesn't show any problems

Also, my router does not provide any DNS services.

in your case then the DHCP provided DNS IP address is the external one (correct?)

Again, my system is not polling 127.0.0.1.

different router as well...

checked a friend's PPG G5 with 10.5.2 and a similar router and the same problem arises (without running VNC nor ssh).

I have an old WRT54G v1.0, need to dig it out and make similar tests (i.e. just change the router, same services)

ok...

on Leopard if I select the external Primary DNS IP address as first (or only) nameserver entry in /etc/resolv.conf (either manual edit or fiddle with the GUI in Network settings, wired and wireless, static or DHCP) the DNS probe disappears.

Hello,

the system.log simply contains entries like this:
Mar 3 11:07:38 localhost mDNSResponder mDNSResponder-170 (Jan 4 2008 18:04:16)[16]: starting

so the tcpdump shows the router responding correctly with a NXDOMAIN reply
20:10:52.401762 IP 192.168.21.103.5353 > 192.168.21.1.53: 810+[|domain]
E..Y$:.........g.......5.E...*...........1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar
20:10:52.419083 IP 62.31.176.39.53 > 192.168.21.103.5353: 810 NXDomain[|domain]
E.....@.....>..'...g.5....3..*...........1.0.0.127
dnsbugtest.1.0.0.127.in-addr.ar

why then mDNSResponder performs this test only once when I use the external DNS IP address whilst repeats itself every 3 seconds for a local one?

this happens as well if I start the local named service and make it a forward only DNS server using as forwarder address the very same external DNS IP address.

Message was edited by: aBarbieri
just read the previous response. so the error is in the router OS not to translate back the IP address of the DNS response (it should use the router IP address rather than the external DNS IP address)

informed Draytek (in one one their forums) of this issue which I believe is quite general to their products (V2900VG, V2910VG and V2800G are all affected). hopefully they'll come up with a firmware update.

thanks for the help in resolving the matter (at least there is now a known workaround)