Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
How do you use 2 different dns's?
Use the primary IP address of DNS service A for Preferred Address and the primary IP address of DNS service B for Alternate Address, as settings for the router or the TCP/IPv4 settings in the adapter settings.
Screens would help lol
It is explained here https://store.opendns.com/setup/#/ and here https://dns.norton.com/homeuser.html
You do realize it doesn't work this way, right?
Primary and Secondary is for failover. If the primary DNS is unreachable it will poll the secondary, but only if the primary isn't reachable. If you have an enterprise FW it's possible to assign DNS to specific segments, but as a rule the way you think it is working is not correct. There is no switching to the backup DNS server(s). In a busy enterprise environment DNS requests are distributed across all your nameservers relatively evenly. (This is done by querying servers using a round robin schedule.) If one or more name servers are down, requests will be retried on another nameserver after a timeout. In the home situation you will almost always poll the first name server. Another caveat, some crappy home routers won't even poll the secondary DNS, they'll return unresolved rather than taking the effort to poll the second one. Netgear's low end crap routers come to mind.
So having OpenDNS(NS1) and Norton(NS2) is absolutely pointless if you are trying to do some sort of layered domain name scanning. It simply won't work. 'Layered threshold' sounds fancy, but it has no meaning in the context of DNS. There is a fancy way to set up a caching layer. NS1 caches, then NS2 verifies integrity, but you aren't going to be doing that with any gear you have running.
Also testing throughput won't test anything related to the DNS. The way to test DNS is to set up a DNS cache script to poll DNS then generate a timestamp. I think there are tools to test this. But throughput? No.
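Added example, not part of the original thread: a simplified Python model of the ordered lookup described in the post above, which times each attempt and shows that any reply from the first server (even NXDOMAIN) ends the lookup before the second is asked. The function names, the fixed query ID, the `blocked.example` name and the 192.0.2.x documentation addresses are assumptions made for illustration; real stub resolvers differ in detail.

```python
import socket
import struct
import time

QID = 0x1234  # fixed query ID, fine for a diagnostic script

def build_query(name):
    """Minimal RFC 1035 A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(reply):
    """Return (rcode, answer_count), or None if the reply is not ours."""
    if len(reply) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != QID or not flags & 0x8000:  # wrong ID or not a response
        return None
    return flags & 0x000F, ancount

def udp_send(server, payload, timeout):
    """Send one query to server:53 over UDP and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server, 53))
        return sock.recvfrom(512)[0]

def resolve_in_order(name, servers, timeout=2.0, send=udp_send):
    """Ask servers in listed order; go to the next one only on no reply."""
    attempts = []
    for server in servers:
        start = time.monotonic()
        try:
            result = parse_header(send(server, build_query(name), timeout))
        except OSError:  # includes socket.timeout
            result = None
        elapsed_ms = round((time.monotonic() - start) * 1000, 1)
        attempts.append((server, result, elapsed_ms))
        if result is not None:
            break  # any answer, even NXDOMAIN, ends the lookup
    return attempts

if __name__ == "__main__":
    # Constructed transport: primary answers NXDOMAIN (rcode 3), so it runs offline.
    fake = lambda srv, q, t: struct.pack("!HHHHHH", QID, 0x8183, 1, 0, 0, 0)
    for row in resolve_in_order("blocked.example", ["192.0.2.1", "192.0.2.2"], send=fake):
        print(row)
```

Calling `resolve_in_order` with the default `udp_send` and your own resolver addresses gives per-server response times in milliseconds.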
Yep of course
And of course not simultaneously. Did you really think that's not what I intended to communicate?
I know how to configure 1 dns (mine is norton) but using 2 at the same time on the same pc
EDIT: NM I should have checked for new messages before I replied
I thought KS was abandoned
How long ago did I make that post, at least a year?
It's still not working how you intend simply because in your environment, 100% of the time it's polling the first DNS, and ignoring the second. The only time it would poll the second is if OpenDNS drops or if, due to the number of requests, it round robins, but that's generally never going to happen. So in effect, your secondary DNS might as well not even exist.
What are you attempting to do here?
Client DNS settings will overrule the router's in this case under static. But the same rules apply, in this case the static assignment will take the first DNS, and ignore the second in almost 100% of the cases.
1) Adapter Settings.
2) Switch Settings. (layer 2/3)
3) Router Settings.
So any static entered on the client (Windows Adapter, etc) will take precedence over anything else, then the switch, and/or router. So if DHCP is set on the router then your router will handle IP assignment, and DNS resolution (usually through ISP). But if you have DHCP-pointer on the client, with static DNS then the client will rely on DHCP from the router, but force the client to resolve to the FIRST DNS, largely ignoring the second in almost 100% of the cases. Having 2 different DNS means nothing, you aren't 'layering' anything. Does that make sense?
Using what's in my signature...
I like your setup
I just put a Sophos UTM 9 on the front end of my network at home.
The power is immense. Double scanning engines on all inbound - hardware level. First pass is Avira, second is Sophos, with no drop in throughput as throughput is a measure of how much hardware I can throw at it, and I've thrown a lot of hardware at it. Not for the faint of heart, it comes heavily secured, and locked down. Blocking virtually everything but 'normal' business traffic - that means rules/policies for Steam, Origin, and even your VOIP need to be put in. But anyone with reasonable experience with enterprise UTM won't have much trouble.
I really enjoy the region blocking. I have entire swaths of the world blacklisted except in cases where individual applications need access for specific reasons, and then I have exclusions for those particular applications as noted in application monitoring. No real reason to allow most of Asia to go inbound to my systems, and I can lower my profile significantly by removing them from the equation.
Imagine having Avira+Sophos scanning all of our inbound.. <shivers> I could probably remove any localized AV's entirely, and roll with only an on-demand once in a while.
you might be interested in gorhill's latest effort found here. I've been using the uMatrix & uBlock combo for several days now and it's excellent. I'm spending less time managing script filtering with uMatrix/uBlock combo than I was with httpsb.
I would agree
Also Sophos UTM 9 has a lot of settings for PUA/PUP detection, and the potential to lock down your network for a huge variety of threats whether they are based on region locks, behavior, or raw signatures. I am very impressed with it so far. I in-bound/out-bound blocked from every significant hacking origination country on the planet other than US and RU. RU because I play some RU games.
I am genuinely intrigued by all of your recent (and past) hardware purchases and I would be confident in saying, wholeheartedly, just drop your local AV entirely. You have paid for and deserve this much needed peace of mind, time to relax any local AV scanning, take a deep breath, and enjoy that performance and throughput.
I have much less of a setup when it comes to money put into hardware, but I do make it work with what I have and trust in my knowledge with what I've done with my networking hardware and therefore have enjoyed my systems without AVs for years now. I believe very much, like you, in putting that hardware to work so that we can get real work done on our systems without interruption or worry. Much respect.
I just redesigned my entire home network today. Sophos UTM9 was remarkable, but not suitable for the home. It simply blocks too much, and requires too much individual tweaking. Everything from my VOIP, to Steam, to individual games were problematic under it. Without going into too much detail I dropped it. My new setup is pretty astounding - I think.
Gateway - ZyXEL USG60 Next Generation Layer-7 UTM. IPS/Antivirus/URL Filtration enabled.
Bridge - Untangle 9.45 Layer-7 UTM. Antivirus/Adblock/Phishing/Spyware.
WiFi - ASUS RT-AC87 Functioning in AP Mode
Essentially on my gateway I have a Layer-7 with Kaspersky UTM - full signatures, and Commtouch+Bluecoat URL Filtration. This is a subscription based device, and I have already paid up for a year on it in advance. Nothing is connected to the Gateway Router/UTM other than a single Cat5e going to the Bridge.
The Bridge is a Dual Core 2.66GHz 4GB RAM Mini-Tower running Untangle 9.45 Layer-7 in Transparent(bridge) mode. This provides real-time scanning with ClamAV Enterprise, along with Clam Community resources for Phishing/Spyware, as well as Google Database. It has Adblock-Plus built in with self-updating signatures. No other features are active as it's in transparent mode with no routing/forwarding/policies.
Next is the switch, which handles traffic from the bridge(Untangle), into the actual network. Followed by an ASUS RT-AC87 functioning as an extremely powerful AP.
How this works is all traffic comes into the Cable Modem (DOCSIS 3.0), then goes into the Gateway. The Gateway handles DHCP, DNS, and the UTM scanning aspects on the front end, along with aggressive IPS/IDS. Coming out from this is a single cable going into the Untangle Box which 'conditions' the line for the final push to the devices. Here it gets a quick check with the secondary UTM before it's pushed to the switch and out into individual devices in the home. Now THAT is layered security.
Edit: Sticking with Norton 2015 on the machines because it is so light, 10 license pack covers the machines. Now all of the tablets/phones/roku/smarttv and other devices are getting some AV action too.
Back to what works best for me, EAM, MBAM, Appguard. I'm a install and forget it type of person. These 3 seem to be silent but deadly.
My new security setup and a few thoughts:
Because I’m still under Windows XP Home Edition as Admin I set up the following plan:
A secure browser (Chrome) with plugins click to play and μblock only extension in secure sandbox (chrome.exe only allow to run and connect to the Internet, Windows folder and Program Files as Read-only, block access to my documents and direct access to Chrome profile).
CryptoPrevent is set and forget in my opinion
SecureFolders block executables in Sandbox folder and my downloads folder.
Chrome and Yandex black lists are supplementary and also set and forget.
I’m finally out of antivirus and all its downsides, and if I was forced to choose one that would be Panda Free Antivirus.
Upgraded to Untangle 11x on the Bridge. They nerfed some of the free features, but it's quite a bit higher performance, and I was able to fix the daemon issue with some of the apps.
I like your security setup.....A LOT!
My recent changes are listed in my sig below after being CryptoLocked (Those dastardly villains)
Also dumped 360IS for not stopping it in the first place. Where are you EQS x64 when you're needed?
Somehow I was looking at older posts and didn't realize it, sorry