Im using the newest Eset Smart Security Version 3.0.650 on a very slow Computer (Laptop with 266 MHZ Pentium) with the latest Security updates and Service packs every thing worked fine.
Until the April hotfixes where downloaded and installed, suddenly the adress resolution (DNS) didn't work properly.
That means that if I tiped in an adress like www.eset.com first it couldn't resolve the adress the browser complained www.eset.com not found. If i typed it several times after the third or more times suddenly the www.eset could be displayed.
The same happend with my email client. It couldn't resolve the DNS adress of the email server.
What I read about the hotfixes there is a dns related hotfix installed. What i suspect is that it is a timing related issue, because on other computers it works.
(Meaning faster computers).

If i disable the protocol filtering (Web access protection) the dns resolution works again

Any ideas what i could do without disabling the web protection.
( I'm using Thunderbird 2 and firefox 3.b5)

Sincerly samoht

I run a Win2Kpro on one of my computers (700MHz, 512MB) and have had a lot of tcpip.sys and wanarp.sys crashes with ESS, until v650. My WinXPpro's have never had these issues. Also, there have never been these problems with EAV so it's the firewall that was the problem. So consider yourself lucky that you came aboard at v650. Actually, more specifically v1038 of firewall module fixed my problems. I still have ntoskrnl.exe crashes after many hours of working, but it may not be ESS's fault. However, it's rock solid without ESS.

I have never had DNS problems with any version of ESS. There are timeout limits for DNS response and slow response is a known problem with some DNS services. Usually they are sporadic and related to heavy traffic times. I don't know who your DNS service is, probably your ISP, but you may try http://www.opendns.com/ which provides demonstrated performance and other advantages. If there is no improvement, then you know it's in your system.

-{ Quote: "
Until the April hotfixes where downloaded and installed, suddenly the adress resolution (DNS) didn't work properly. " }-
DNS access from Windows 2000 pro also has stopped working reliably for me also.

Started getting lots of "DNS poison attack messages in the log" with it identifying my billion router as the source.
Disabling "DNS poision attack detection" helps but then I get a few rule not found.

Edit
First noticed after changed the IP address of on of the windows 2000 machines by fixing it in the router
(Billion 7402vgp configuration -> Lan -> DHCP server -> Fix Host -> )
Reverting to an older version of the router configuration did not fix it though.

Also same symptoms developed in a second windows 2000 machine which I hadn't done anything to.

Running 3.0.650.0 on all computers

I tried www.opendns.com and somewhat it seems to improve the situation. But it doesn't solve the situation. So I think it is definitivly my Windows 2000 or machine.

Then i tried to deinstall the DNS Spoofing patch but this didn't improve the situation either.

http://support.microsoft.com/?kbid=945553


Thanks for your tips

samoht

Finally i found the Log files and they although say DNS cache poisoning attack
The first address is from my router and the second is my adress in the network

11.04.2008 23:19:12 Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.33:1040 UDP

If i switched to www.opendns.com the DNS cache poisoning attack came from this DNS server ?

Although for me disableing DNS poisoning attack detection solved the problems. But I do this with a bad feeling. (Is a worm trying to enter my machine?)


Sincerly samoht

Yes, I get the DNS Poisoning Attacks from OpenDNS also. They occur in clusters and have thru all ESS versions. I was told by Eset many versions ago that they were probably false positives, but the issue probably should be revisited with v650. Especially since Eset has a specific option for it in their IDS parameters. On the other hand, OpenDNS is used by millions of users with billions of fulfilled requests and Eset is new to the firewall business.

Perhaps we should ask other ESS users if they are getting these DNS Poisoning Attacks with their DNS services.

FYI: http://www.theregister.co.uk/2008/04/15/dns_cache_poisoning/

-{ Quote: "Finally i found the Log files and they although say DNS cache poisoning attack
The first address is from my router and the second is my adress in the network

11.04.2008 23:19:12 Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.33:1040 UDP

If i switched to www.opendns.com the DNS cache poisoning attack came from this DNS server ?
Sincerly samoht" }-

Hi, I'm not sure If we have the same problem, but I used to have the same DNS cache poisoning attacks and Issues with DNS in the past. I sent a support ticket to Eset using ESS's own support and I was suggested to send a log from wireshark that recorded traffic when ESS detected the attacks.
After a while, Eset support told me that the problem was my router and not my machine or ESS, and ¡it turned out that they where right! I switched my router and now everything works fine.
Another thing you should consider is that sometimes routers tend to get saturated by traffic intensive applications, like P2P and stuff (I know because I've had this problen) resulting in poor DNS performance on slow machines because the Router gets overloaded.

I didn`t switch the router, but I switched the computer. Now I have a core duo 1.82 Ghz notebook with windows vista and now everything works fine.

Sincerly samoht

I just unchecked the DNS box. Everything else is checked though. ESS is running very smooth.:thumb:

I have same problem too.
I avoided this problem by stopping "DNS Client" windows's service.
Please try it. And please tell me a result.

Here's a good reference: http://www.theeldergeek.com/services_guide.htm

...and specifically: http://www.theeldergeek.com/dns_client.htm

.....also: http://www.blackviper.com/WinXP/Services/DNS_Client.htm

Look at other Services tweaks also.