DNS problem with Zone alarm and router

Discussion in 'other firewalls' started by SpikeyB, Apr 25, 2005.

Thread Status:
Not open for further replies.
  1. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Hi, hoping you can help me.

    I am running windows XP pro (standard default TCP/IP settings apart from disable NetBIOS over TCP/IP ticked) with Zone alarm (free version), set to stealth for internet and trusted zones. I also have a router.

    When I type a web address in my browser I cannot reach the page. If I type an IP address I can get to the page. If I disable the firewall, I can get to the page with web address or IP address. The router is set to find DNS servers automatically.

    Can anyone explain what is happening so I can fix it.

    Thanks
     
  2. Arup

    Arup Guest

    There is a setting in ZA to allow DNS on high setting, suggest you try it out.
     
  3. Nick_morris

    Nick_morris Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    23
    Location:
    Ivybridge
    hi Spikey, set Zone alarm level to medium rather than stealth mode (high security), this should sort out your problem. Nick.
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    You should be fine with Internet Zone - High and Trusted Zone - Medium.

    Do your ZA logs show the DNS lookups being blocked (outbound requests to remote service/port 53)?
    What rules/settings do you have for svchost.exe?

    Regards,

    CrazyM
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Just uninstall Zone Alarm and depend on your router. Believe it or not, the world will not end and your PC will be more responsive.
     
  6. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Lol. That be true except for two cases:

    i) wireless networking
    ii) notebooks

    However, I will not be able to shake off the insecure feelings I get by not having a software firewall. Like there's someone watching my every move ...
     
  7. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Thanks for your help guys. Amazingly, the problem, which has been around for a fortnight has cured itself without me changing any settings, bizarre.

    Thanks also to Diver for his amusing comments. I believe you, the world will not end. However, I do like to play around with downloaded programs and it is nice to know when they are trying to access the internet. If you know of a way to determine this without a firewall, please let me know.

    Thanks again.
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    For notebooks, a software firewall is indicated if you use them on a different network than in your home. In that case the windows ICF will do the job with "no muss or fuss". For wireless networking it depends on the circumstances. If it is a dedicated home setup, the router with wireless access should be enough of a firewall. Am I missing something here, other than the usual paranoia game with outbound app control?

    There is a good faq on this subject over at DSLR.

    http://www.dslreports.com/faq/4629

    No one should LOL about this point of view. It is pretty much how the real world operates.
     
  9. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Sorry if this is off topic for this thread but what does this do to help security? Does it inhibit your own ability to access share drives on home network PCs? or does it just make doing so more secure from the outside world? I do enable file and print sharing as as only one PC at home is hooked up to a printer and I rely on my router and software firewall to protect me - should I be disabling Netbios over TCP/IP as an aditional measure?

    Thanks.
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If you are sharing files/printer on the home LAN you will need to leave NetBIOS over TCP/IP enabled. Your router will protect this from the outside/Internet and your ZA will restrict it to trusted address.

    Regards,

    CrazyM
     
  11. Arup

    Arup Guest

    If you are worried about stealth with ICS, I suggest you check out http://members.shaw.ca/BIND-PE_and_ICS/ CHX-1 with 2.6 filters from that site will stealth your PC no matter what your firewall config is currently.
     
Loading...
Thread Status:
Not open for further replies.