NIS2004 Trusted Zone


SpongeBob
April 11th, 2004, 08:02 PM
I have entered my ISP's DNS servers IP addresses into the "trusted computers zone" of norton firewall. Anything entered into the trusted zone automatically bypasses the firewall, and has full access to my machine as though the firewall wasn't there. I assume this is the way to go for DNS servers.

This stops two popup alerts appearing each time a program wants permission to access the net for [1] the dns server to lookup the domain it wants to access, and [2] the actual domain it wants to access. I now only get popup alert for [2].

Questions.. you knew they were coming :-)

1. Is this the best way to go about this sort of thing?
2. Should I also place the mail server address into the trusted zone?

-Bob-

CrazyM
April 11th, 2004, 08:32 PM
-{ Quote: "I have entered my ISP's DNS servers IP addresses into the "trusted computers zone" of norton firewall. Anything entered into the trusted zone automatically bypasses the firewall, and has full access to my machine as though the firewall wasn't there. I assume this is the way to go for DNS servers." }-

It's one way to go ;)
As you noted, by placing these in the trusted zone, it bypasses all filtering and monitoring/logging. Not being able to monitor/log if I should ever want or need to is one reason why I prefer not to use the trusted zone.

-{ Quote: "This stops two popup alerts appearing each time a program wants permission to access the net for [1] the dns server to lookup the domain it wants to access, and [2] the actual domain it wants to access. I now only get popup alert for [2]." }-

Curious as to why you would be getting alerts for DNS queries. Did you delete the default DNS rules?

-{ Quote: "Questions.. you knew they were coming :-)

1. Is this the best way to go about this sort of thing?
2. Should I also place the mail server address into the trusted zone?" }-

My preference is to customize the rule(s) and restrict to specified remote servers/IPs where possible and appropriate. Examples of these types of customized rules for DNS and E-mail:
http://www.gpick.com/agnisrules/pages/system/system_pg2.html
http://www.gpick.com/agnisrules/pages/application/application_pg2.html

Regards,

CrazyM

SpongeBob
April 12th, 2004, 12:40 PM
-{ Quote: "placing these in the trusted zone bypasses all filtering and monitoring/logging." }-
Ah, I forgot about logging!

-{ Quote: "
Curious as to why you would be getting alerts for DNS queries. Did you delete the default DNS rules?" }-
I only have one default DNS rule in the general rules section:

"Default Inbound DNS Rule" Permit UDP connections from any computer on port 53.

There is no outbound DNS rule at all! That's probably why I kept getting 2 popup alerts each time a program tried to access a website.

-{ Quote: "
My preference is to customize the rule(s) and restrict to specified remote servers/IPs where possible and appropriate. Examples of these types of customized rules for DNS and E-mail:" }-
Those URLs of yours show both inbound and outbound DNS rules. But they also appear to be much more complex than my rules in NIS2004. I think they're for another type of firewall.

I think I need to change the existing inbound DNS rule by restricting it to both of my ISP's DNS server addresses. I also need to create a general outbound DNS rule restricted to my ISP's DNS servers on remote port 53, but what local port should I choose to configure??

I also find all this TCP, UDP, ICMP stuff complicated. I never know which one to choose. :-)

Thanks for the help... Bob

jvmorris
April 12th, 2004, 03:24 PM
Technically, this is a meaningless post. My prior attempt to post in this thread got lost and I want to see if it'll work this time. (So there's no substance in my response.)
-{ Quote: "Ah, I forgot about logging!" }-

Logging is everything! ::)

-{ Quote: "... There is no outbound DNS rule at all! " }-

Cool! Looks like it worked. Now I can start all over again, from scratch.

CrazyM
April 12th, 2004, 05:35 PM
-{ Quote: "
I only have one default DNS rule in the general rules section:

"Default Inbound DNS Rule" Permit UDP connections from any computer on port 53.

There is no outbound DNS rule at all! That's probably why I kept getting 2 popup alerts each time a program tried to access a website." }-

There should be a "Default Outbound DNS Rule" - permit TCP/UDP to any computer on remote port 53. (The protocols allowed in the default outbound rule are different from those in the inbound rule.)


-{ Quote: "Those URLs of yours show both inbound and outbound DNS rules. But they also appear to be much more complex than my rules in NIS2004. I think they're for another type of firewall." }-

While the information on that site is applicable to most rule based firewalls, it relates specifically to AtGuard and NIS/NPF.

-{ Quote: "I think I need to change the existing inbound DNS rule by restricting it to both of my ISP's DNS server addresses. I also need to create a general outbound DNS rule restricted to my ISP's DNS servers on remote port 53, ..." }-

Doing just that will result in the custom DNS rules from the link. You just created one of those complex rules ;)

-{ Quote: "... but what local port should I choose to configure??" }-

You can leave the local port to any (like the default rules), or as in the example from the link, restrict that to the ephemeral ports range: 1024-5000. An explanation of ephemeral ports is also on that site.

-{ Quote: "I also find all this TCP, UDP, ICMP stuff complicated. I never know which one to choose." }-

Which is why we come here, to help each other out and learn :)

Regards,

CrazyM
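Added example, not from the thread or from any Norton product: a small Python model of the two approaches CrazyM contrasts, a trusted-zone entry versus customized DNS rules restricted to the ISP's resolvers on remote port 53 with local ports limited to the ephemeral range 1024-5000. The resolver addresses, the rule fields and the "inbound = reply from remote port 53" reading are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed placeholders for the ISP's two resolvers (not real addresses).
ISP_DNS = frozenset({"192.0.2.53", "192.0.2.54"})
EPHEMERAL = range(1024, 5001)  # 1024-5000, the range suggested in the thread

@dataclass
class Conn:
    direction: str   # "out" (program to network) or "in" (network to program)
    proto: str       # "UDP" or "TCP"
    remote_ip: str
    remote_port: int
    local_port: int

@dataclass
class Rule:
    name: str
    direction: str
    protocols: frozenset
    remote_ips: Optional[frozenset] = None   # None = any computer
    remote_port: Optional[int] = None        # None = any port
    local_ports: Optional[range] = None      # None = any local port

    def matches(self, c: Conn) -> bool:
        return (c.direction == self.direction and c.proto in self.protocols
                and (self.remote_ips is None or c.remote_ip in self.remote_ips)
                and (self.remote_port is None or c.remote_port == self.remote_port)
                and (self.local_ports is None or c.local_port in self.local_ports))

@dataclass
class Firewall:
    rules: list
    trusted: frozenset = frozenset()          # "trusted computers zone"
    log: list = field(default_factory=list)

    def decide(self, c: Conn) -> str:
        # Trusted-zone traffic bypasses rule filtering and is never logged,
        # which is the monitoring gap CrazyM points out.
        if c.remote_ip in self.trusted:
            return "trusted-bypass"
        for r in self.rules:
            if r.matches(c):
                self.log.append(f"PERMIT {r.name}: {c.proto} {c.remote_ip}:{c.remote_port}")
                return "permit"
        self.log.append(f"ALERT no rule: {c.direction} {c.proto} {c.remote_ip}:{c.remote_port}")
        return "alert"  # NIS would raise a popup here

# The customized rules Bob plans: both directions restricted to the ISP resolvers.
CUSTOM_RULES = [
    Rule("Custom Outbound DNS", "out", frozenset({"UDP", "TCP"}), ISP_DNS, 53, EPHEMERAL),
    Rule("Custom Inbound DNS", "in", frozenset({"UDP"}), ISP_DNS, 53, EPHEMERAL),
]

def run_samples(fw: Firewall) -> list:
    # Constructed traffic: a lookup to the ISP resolver, a lookup to some other
    # resolver, and the ISP resolver's reply.
    samples = [Conn("out", "UDP", "192.0.2.53", 53, 1500),
               Conn("out", "UDP", "198.51.100.9", 53, 1500),
               Conn("in", "UDP", "192.0.2.53", 53, 1500)]
    return [fw.decide(c) for c in samples]
```

With the custom rules every decision lands in the log; with the resolvers in the trusted zone only the stray lookup to the unknown resolver is logged, and the ISP traffic leaves no trace.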