Some DNS questions

Discussion in 'other firewalls' started by J at A, Apr 4, 2005.

Thread Status:
Not open for further replies.
  1. J at A

    J at A Guest

    Hi,

    I'm not sitting at my own PC, and I'm not too familiar with XP and ZA; so sorry...

    Some questions about DNS Servers, and related questions:

    1.
    On W98SE you can type winipcfg at start > run
    How does that work on XP?

    2.
    In ZA:
    Would you advice to let it put the IP-number of your ethernet-card in the Internet-zone?

    3.
    In ZA:
    Would you advice to put the IP-numbers of your ISP-DNS-servers in the Trusted-zone?

    4.
    In case of a router:
    Would you advice to put the IP-numbers of your ISP-DNS-servers in it?
    I know, I have put this question very general...

    Thanks in advance !
    Jan.
     
    J at A, Apr 4, 2005
    #1
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    At the command prompt type "ipconfig /all" without the quotes.

    Where is it now? I'm drawing a blank at the moment as to what the default is when the IP is in a private range.

    Yes you can add your ISP DNS servers to the trusted zone.

    The simplest solution is to add the subnet for LAN to the trusted zone.
    ie. 192.168.1.0 255.255.255.0 (the ipconfig /all will display your subnet info).

    Regards,

    CrazyM
     
    CrazyM, Apr 5, 2005
    #2
  3. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    You really shouldn't need to worry overly about putting things like DNS servers and gateway routers in your Trust zone. In fact, you don't even necessarily need to put your LAN subnet in a Trust zone if you don't want to. The only thing is that if you wish to utilize something like file/printer sharing on your PC from a local subnet, then you may wish to go ahead and configure ZA with that subnet in the Trust zone. That is, only put addresses in a Trust zone for which you expect unsolicited (yet, trusted) incoming traffic. A DNS server, for example, will not normally send unsolicited packets to your PC, rather they send replies back to queries initiated by your PC so there is no typical need to put DNS servers in the Trust zone. In contrast, if you wish to utilize a file share on your PC from another PC on the LAN, then the other PC will be initiating a SMB/CIFS connection to your PC and in that case ZA will have to be configured to "trust" that incoming TCP connection request.
     
    Alec, Apr 5, 2005
    #3
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Server rights (allowing unsolicited inbound traffic) still applies to the trusted zone. Some default settings make it convenient for file sharing on a LAN.

    Another perk to adding trusted servers, like DNS or mail servers, to the trusted zone is some applications/services can then be restricted to the trusted zone and denied access to the internet zone.

    Regards,

    CrazyM
     
    CrazyM, Apr 6, 2005
    #4
  5. J at A

    J at A Guest

    Thanks Jim and Alec for your suggestions !

    Cheers, Jan.
     
    J at A, Apr 6, 2005
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...