Hey all, today I have one very simple question. It is that I've seen many blocked entries in ZoneAlarm log for this particular domain lately. Namely connections from my p2p sharing app. Well, after googleing a bit, I found out, it is a Reverse DNS lookup (Classless delegation), so as topic title already hints, I am talking about this particular common and "so-many-times-seen" domain name: .in-addr.arpa Here is an explanation: www.dns.net/dnsrd/rfc/rfc2317.html explanation-guide.info/meaning/Reverse-DNS-lookup.html My question is - is it recommended (clever) or not, to put it to Trusted Zone ?? In my case, beside loopback and/or localhost (both 127.0.0.1), and my ISP's DNS servers. I got used to put localhost in Trusted Zone, and disable ZA Pro "Privacy" for loopback (because I use Proxomitron, and it connects through), but btw., at least for loopback under "Privacy", I don't know if this is required though. Thanks for any explanation
Hi stalker Is it the blocked entries in the log and/or the way they resolve that is of concern? What are you trying to accomplish? Should these in fact be blocked or do you want to allow them. I would not put any remote addresses used by a p2p application into a trusted zone. Regards, CrazyM
No, I just meant like, if there are so many blocked entries, it is probably some kind of "trusted traffic", that should be allowed (also cause I saw, it is related to DNS lookups, see the links I posted) Thanks for answer.
Not necessarily, how is your p2p app configured in the firewall? I would not worry about how these blocked packets resolve, but whether they should remain blocked or if you need to reconfigure you rule(s). Can you post some samples from the logs? Regards, CrazyM
Well, here are the two examples of lines I got lately (other lines are usually preety similar): Code: IP: 141.157.7.137 DNS: 1.in-addr-arpa Source port: 61263 Destination port: 6012 Code: IP: 209.63.57.76 DNS: in-addr-arpa Source port: 16331 Destination port: 6860 cheers and thanks for help