[question] [kerio 2.1.5] DNS Alert

Discussion in 'other firewalls' started by gnwd, Sep 9, 2005.

Thread Status:
Not open for further replies.
  1. gnwd

    gnwd Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    23
    My DNS server is 61.128.128.68.
    I am using Kerio 2.1.5 with "BZ kerio 2x default replacement".
    After unchecking "unrestricted DNS (log)", the next line, "DNS Alert (log, alert)", will often alert me with

    Should I allow it?
    NOTE: the two IPs are rather similar. I didn't test to see if the latter is also a DNS server.
     
  2. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Hmm, it could be that your ISP is changing servers sometimes. Mine does it, and Kerio wouldn't connect unless I edited the rules and inserted the new server IPs. Supposing you have XP, the next time you get this alarm you can open a command prompt and type ipconfig /all. At the bottom of the text there should be your 2 DNS servers (primary, and secondary below it). See if they are the same as the ones you knew.
     
  3. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
    Hi GNWD

    Both addresses belong to the same ISP:
    CHINANET Chongqing Province Network

    Does this make sense?
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Wow, people still can't read the posted instructions. :doubt:

    You're supposed to put the listed DNS servers in your IP configuration in the firewall settings, and some have ISPs with more than two DNS servers, so I just use the custom address group to hold them; mine actually has 12 rotating DNS servers. As long as you verify that your computer started the communication first, and it's listed in the ipconfig, it's OK.

    It was made to prevent DNS tunneling, in or out, and the unrestricted DNS rule was set up on logging so you could see the IP addresses of the DNS servers your computer talks to, until you disabled it for the secure DNS rules.
     
  5. gnwd

    gnwd Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    23
    Which instruction do you mean?
    But I think when I was talking with somebody (i.e. some DNS server), it should not let others answer me.
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    I think he would be referring to suggestions for DNS rules in this post:
    http://www.dslreports.com/forum/remark,8023708~mode=flat

    It would appear your current DNS rule is blocking responses from another one of your ISP's DNS servers. So in effect your rule is working and blocking responses from a server not permitted by your rule.

    ISPs may use multiple DNS servers and DNS cache servers to share the load, and as a result your DNS rule(s) should reflect this and permit these additional servers that your ISP uses. You just need to confirm it is a server belonging to your ISP and trusted before adding it to your list of DNS servers.

    Regards,

    CrazyM
     
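The check the replies above describe (Hyperion's ipconfig /all to list the resolvers the PC actually uses, and BlitzenZeus's test that the PC started the exchange and the server is on that list, as CrazyM summarises) written out as an added Python example; this is not code from the thread or from Kerio. The ipconfig output, the address group contents and the firewall events are constructed: 61.128.128.68 is the resolver named in the thread, while 192.0.2.53 and 198.51.100.7 are documentation-range stand-ins.

```python
import re
from ipaddress import ip_address
# Constructed `ipconfig /all` excerpt: 61.128.128.68 is the resolver named in the
# thread, 192.0.2.53 is a made-up secondary from a documentation range.
IPCONFIG_ALL = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.0.2.10
        DNS Servers . . . . . . . . . . . : 61.128.128.68
                                            192.0.2.53
        Lease Obtained. . . . . . . . . . : Friday, September 09, 2005
"""
# Constructed contents of the Kerio custom address group used by the DNS rules.
FIREWALL_DNS_GROUP = {"61.128.128.68"}
# Constructed firewall events: remote address and port, and which side sent first.
EVENTS = [
    {"remote": "61.128.128.68", "rport": 53, "initiator": "local"},   # known resolver
    {"remote": "192.0.2.53", "rport": 53, "initiator": "local"},      # second resolver
    {"remote": "198.51.100.7", "rport": 53, "initiator": "local"},    # not in ipconfig
    {"remote": "61.128.128.68", "rport": 53, "initiator": "remote"},  # unsolicited
]

def configured_resolvers(ipconfig_text):
    """Addresses under 'DNS Servers' in ipconfig /all output, including the
    indented continuation lines that carry the additional servers."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_dns, line = True, line.split(":", 1)[1]
        elif in_dns and not re.match(r"\s*\d", line):
            in_dns = False            # first non-address line ends the block
        if in_dns and line.strip():
            servers.append(str(ip_address(line.strip())))   # also validates it
    return servers

def audit_event(event, resolvers, group):
    """The thread's test: the PC started the exchange, to port 53, and the
    other end is a resolver the PC is actually configured to use."""
    if event["initiator"] != "local" or event["rport"] != 53:
        return "block"          # unsolicited inbound, or not DNS at all
    if event["remote"] in group:
        return "allow"          # already covered by the restricted DNS rule
    if event["remote"] in resolvers:
        return "add-to-group"   # legitimate resolver the rule does not list yet
    return "block"              # a server not in ipconfig answering on 53

def audit(events, ipconfig_text, group):
    """Verdict per event, plus group entries ipconfig no longer lists."""
    resolvers = set(configured_resolvers(ipconfig_text))
    verdicts = [(e["remote"], audit_event(e, resolvers, group)) for e in events]
    return verdicts, sorted(group - resolvers)
```

The second return value lists stale group entries, which matters when an ISP rotates resolvers as BlitzenZeus and Rmus describe.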
  7. yogishree

    yogishree Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    871
    Location:
    Chhattisgarh-India
    For instance, at one time on my dial-up I had four DNS servers and did have four separate rules for them. It would be perfectly legitimate to ask your ISP about the addresses of your DNS servers and incorporate the same in your rule-set. Tightening up of rules includes specifying IP addresses and local/remote port numbers to the extent possible.

    In case the ISP is not willing to part with these details, which should not normally happen, then a general 'allow' rule can be set and put to log. After watching the logs for some time, specific rules could be set. However, it is always better to authenticate the details with your ISP.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    When I first set up a custom DNS rule in Kerio, I entered my ISP's 2 IP addresses in the custom addresses list. (I copied these from the information sheet I received from my ISP years ago when I signed up). I also set up an unrestricted DNS rule to log.

    When I logged on for the first time using a custom rule, Kerio alerted that a different DNS address was being asked for.

    I phoned my ISP and was told that they had multiple DNS servers. When I was using the default Kerio rules, Kerio permitted connecting out to any address, and so I never knew what was going on in the background.

    If your ISP has multiple DNS servers and you have checked "Obtain an IP Address automatically" in the TCP/IP properties box of your dialup connection, then for this to work you will have to find and enter all of the addresses in your Kerio Custom Addresses (or set up a separate rule for each).

    There is also the option in that Properties box to specify your primary and secondary addresses, and I asked if I could do that and use the 2 addresses that I had instead of allowing for multiple, and was told that would be fine, and that's the way I've done it ever since.

    The NameServer value (both primary and secondary addresses) is stored in the Registry in one of the keys at

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

    If you are set up for multiple nameservers, this value will change depending on what server is being used at any time.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     