Port 53: open or else no go?

Discussion in 'LnS English Forum' started by bilo, Sep 18, 2009.

Thread Status:
Not open for further replies.
  1. bilo

    bilo Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    7
    I have Phant0m's ruleset, but I checked the logs when the net did not respond and kept getting DNS hits, so I simply right-clicked it and allowed port 53 and now it works. Something tells me it's not that simple to be safe.

    My question is... why isn't the DNS stuff set to work out of the box with such a customized ruleset? From what I gather it's not safe to blindly allow all traffic on that port. What am I missing here? Do I need to add my ISP's specific DNS server info to the rule? I hadn't come across anything about that on the forums if so.


    I wouldn't be sure what info to enter if I created the rule from scratch, whether to apply incoming and/or outgoing, and know it's safe -- I don't want to defeat the purpose of LNS or the well-thought-out ruleset that admittedly goes well beyond my understanding.
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    You should really have posted this over on the official forum or contacted me through e-mail for quick support. When posting here, I may not see anything for days, and sometimes it may just pass me by altogether.

    1) How long ago was it when you last ran the P. Ruleset Installer? Did you make changes to your connection settings in Windows or changes in .. a possible Router and/or ISP modem?

    3) Do you know if the ISP DNS servers have changed recently on you? .. You can export the DNS rule and e-mail it out to me, along with listing of your current ISP DNS servers shown with IPCONFIG utility.

    4) Do you use OpenDNS service?

    5) Can you e-mail me the Look 'n' Stop Log file showing these blockings?


    * When you run the P. Ruleset Installer, it does configure the DNS rule with your current DNS servers. If you make changes to Windows connection settings, or changes in .. a possible Router and/or ISP modem, it may cause connectivity issues. Running P. Ruleset Installer again will adapt to any new changes made.



    Regards,
    Phant0m
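
The mismatch discussed in this post (a DNS allow rule pinned to the servers seen when it was generated, versus the servers `ipconfig /all` reports now) can be checked as below. This is an added example, not part of the thread or of the P. Ruleset Installer; the sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; all addresses are documentation ranges.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.net
        IP Address. . . . . . . . . . . . : 192.0.2.10
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 198.51.100.53
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : (constructed)
"""
# Constructed: the servers the DNS allow rule was pinned to when it was created.
RULE_SERVERS = ["198.51.100.53", "198.51.100.54"]

DNS_LABEL = re.compile(r"\s*DNS Servers[ .]*:\s*(\S*)")

def _as_ip(token):
    """Parse an address (dropping any IPv6 %scope); None if it is not one."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers_from_ipconfig(text):
    """Return the DNS servers listed in `ipconfig /all` output, in order."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = DNS_LABEL.match(line)
        if m:
            in_dns, token = True, m.group(1)
        elif in_dns:
            token = line.strip()  # extra servers sit alone on continuation lines
        else:
            continue
        ip = _as_ip(token)
        if ip is None:
            in_dns = False        # any non-address line ends the DNS block
        elif str(ip) not in servers:
            servers.append(str(ip))
    return servers

def check_dns_rule(rule_servers, ipconfig_text):
    """Compare the servers the rule allows with the servers Windows now uses."""
    allowed = {str(ipaddress.ip_address(a)) for a in rule_servers}
    current = set(dns_servers_from_ipconfig(ipconfig_text))
    return {"blocked": sorted(current - allowed),  # in use, but the rule drops them
            "stale": sorted(allowed - current)}    # allowed, but no longer in use

if __name__ == "__main__":
    print(check_dns_rule(RULE_SERVERS, SAMPLE_IPCONFIG))
```

A non-empty `blocked` list matches the symptom in the thread (DNS packets logged as blocked), while `stale` entries are addresses the rule still permits on port 53 without needing to.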
     
  3. bilo

    bilo Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    7
    Sorry for not posting on the other forum. It just strangely doesn't seem to be ruleset specific. Thanks for your helpful response.

    It was quite some time ago (sometime in Spring) when I installed the ruleset/LNS 2.06. I haven't booted up the particular machine much since. I checked out the DNS info and manually allowed port 53 and restricted it to the DNS servers being used by my ISP and that seemed to work. I checked on the ISP forums and they appear to be the same as they've been for longer than this issue.

    I was surfing fine after the port 53 issue, then all of a sudden it started blocking port 80 and other basic web traffic (443, etc.) as well, until I manually clicked allow on those, long after the applications themselves were given permission in app filtering. The strangeness seemed to happen on standard and enhanced rulesets as well as yours. I didn't have any such issue with my older 2.05 install on another machine.

    Nope, no OpenDNS. No router/modem changes.

    I'm not on that machine currently. I'll see if I can retrieve the logs later on -- since resorting to uninstalling/reinstalling that LNS I'm not sure if I set the log retention to beyond 0 days again or not. If not, I'll re-create the scenario by blocking my added rules and log it again.

    I'll figure something out.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    On Windows Server 2003 and down-level platforms, down to 2000, the Microsoft Windows Update (KB951748), when applied, changes the Windows ephemeral ports. However, this update was released officially over Microsoft Windows Updates last year... http://support.microsoft.com/kb/951748

    Windows having done its update for KB951748, you would have noticed on the next Windows start the Internet connectivity issues, and logged DNS packet blockings. This KB update required you to download the recent P. Ruleset Installer at the time that was KB951748 supported, and re-run the P. Ruleset Installer again. And regarding the pre-bundled Look 'n' Stop rulesets, please visit https://www.wilderssecurity.com/showpost.php?p=1512930&postcount=3


    Look 'n' Stop v2.06 added the 'Local In' feature, and the Look 'n' Stop pre-bundled rulesets use 'Local In' for the two important rules, 'UDP : Authorize name resolution (DNS)' and 'TCP : Authorize most common Internet services'. I speculate this and another factor are causing connectivity issues.

    Is the MaxUserPort set in the registry? HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters - http://technet.microsoft.com/en-us/library/cc758002(WS.10).aspx, if it is, what is its value?



    Regards,
    Phant0m
     
  5. bilo

    bilo Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    7
    Well, I reinstalled both once again and everything seems normal even after various reboots. Thank you again for the detailed answer and resources.
     