
Thread: DNS replies blocked, but no ill effects

#1 - mspreitz (Guest)

    DNS replies blocked, but no ill effects

    I am running ZoneAlarm Security Suite version 7.0.362.000, just installed; I recently ran 7.0.337 for a while. In the firewall logs I keep getting entries saying a UDP packet from port 53 on one of my ISP's DNS servers was sent to a port 1XXX on my computer and blocked by ZA.
    Yet I notice nothing going wrong, in terms of programs failing.
    This while I surf the web, use Eudora, etc.
    How can this be?
    Here are the "technical details" of an example (with my local IP Xed out, and formatting destroyed because ZA and this forum do not play nice together):
    Inside the firewall alert:
    - Source IP Address: 167.206.251.4 (the IP address of the computer that sent the packet which caused the alert)
    - Source Port: 53 (the port used by the source computer when sending the packet)
    - Destination IP: X.X.X.X (the IP address of the computer to which the packet was sent)
    - Destination Port: 1324 (the port on the destination computer used to receive the packet)
    - Transport Layer Protocol: UDP (the protocol that allows data to be transported between software programs on different computers)
    - Network Layer Protocol: IP (the protocol that allows two networked computers to locate each other on a network)
    - Link Layer Protocol: Ethernet (the protocol that allows two directly linked computers to share a network cable)
    - Alert Date: Sep-02-2007 06:28:06 PM PDT (the time when ZoneAlarm Security Suite detected the alert on your computer)
    - Alert Count: 1 (number of times this connection attempt repeated its attempt on your machine after the original alert; ZoneAlarm Security Suite shields your machine from repeated displays of an identical alert)

    ZoneAlarm Security Suite security enforcement at time of alert:
    - Lock Level: Lock Not Engaged (Internet and network connections permitted by your ZoneAlarm Security Suite settings are not blocked by a lock setting)
    - Trusted Zone Security Level: Medium (this ZoneAlarm Security Suite setting enforces application privileges and Internet Lock settings, leaving your computer visible to other computers in the Trusted Zone; it does not block file or printer shares (NetBIOS) or operating system traffic to and from the Trusted Zone)
    - Trusted Zone Servers: Servers Allowed (computers in your ZoneAlarm Security Suite Trusted Zone are not prevented from connecting to server programs running on your computer)
    - Internet Zone Security Level: High (this ZoneAlarm Security Suite setting blocks access from the Internet Zone to file and printer shares (NetBIOS) and other operating system services; ports not currently in use by a program are blocked and are not visible to the Internet Zone; this Security Level also enforces application privileges and Internet Lock settings)
    - Internet Zone Servers: Servers Allowed (computers in your ZoneAlarm Security Suite Internet Zone are not prevented from connecting to server programs running on your computer)
    - Packet Direction: Incoming (the packet that caused the alert was sent from a computer located somewhere on the Internet or on your network; it was being sent to your computer)
    - Zone: Internet Zone (this ZoneAlarm Security Suite zone contains all the computers and networks in the world that are connected to the Internet, until you explicitly define them as members of another zone)
    - Operating system: Windows XP-5.1.2600-Service Pack 2-SP (version of operating system running on your computer)

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

#2 - oldsod (Join Date: Dec 2005, Posts: 9,056)

    Re: DNS replies blocked, but no ill effects

    What really happened is the web application or the OS made a connection to the DNS server, got the information it needed and just stopped the communications. The DNS server, on the other hand, never got a stop communication message and simply sent a connection attempt to keep the connection going. But your PC just ignored the inquiry, and so it is dropped by ZA and seen as a blocked inbound.

    This usually happens when UDP to remote port 53 of the DNS server(s) is allowed just outbound and not for both inbound and outbound connections.

    Usually placing the DNS server(s) IP as Trusted in the Zones will resolve this blocked-from-the-DNS issue.

    Make sure your DNS and DHCP server IPs are in your Firewall's Trusted zone. Finding DNS and DHCP servers, etc.:

    1. Go to Run, type in command, hit 'OK', and type ipconfig /all, then press Enter. In the returned data list will be a line for DNS and DHCP Servers with the IP address(es) listed out to the side.
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted.
    3. Click OK and then Apply and see if that works to fix it.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    http://zonealarm.donhoover.net/dnsdhcp.html

    Oldsod
    Best regards.
    oldsod
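The triage the reply above describes (an inbound UDP packet from port 53 of one of your configured resolvers to an ephemeral port on the PC is a late DNS reply, not an attack) can be automated over firewall alert records. The following is an added example, not code from the thread or from ZoneAlarm: the record format, the local address 192.168.1.10, the secondary resolver 198.51.100.53 and the other hosts are constructed for this example; only 167.206.251.4:53 -> port 1324 comes from the original alert. The classifier also separates two cases a practitioner would want to look at more closely: port-53 traffic from a host that is not one of the resolvers listed by ipconfig /all, and port-53 traffic aimed at a port outside the ephemeral range (Windows XP assigns dynamic client ports 1025-5000), which a normal reply would never use.

```python
"""Classify blocked-inbound firewall alerts: late DNS reply or something else.

Added example. The one-line record format below is constructed for this
example and is NOT ZoneAlarm's own log format.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed: the resolvers as they would appear on the "DNS Servers" line of
# ipconfig /all. 167.206.251.4 is the source IP from the original alert;
# 198.51.100.53 is a constructed placeholder for a secondary resolver.
CONFIGURED_DNS_SERVERS = frozenset({"167.206.251.4", "198.51.100.53"})

# Windows XP hands out dynamic (ephemeral) client ports in this range.
EPHEMERAL_PORTS = range(1025, 5001)


@dataclass(frozen=True)
class Alert:
    direction: str   # "Incoming" or "Outgoing", as in the ZA alert details
    proto: str       # "UDP" or "TCP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_alert(line: str) -> Alert:
    """Parse one constructed record: direction,proto,src_ip:port,dst_ip:port."""
    direction, proto, src, dst = (field.strip() for field in line.split(","))
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    ip_address(src_ip)   # raises ValueError on a malformed address
    ip_address(dst_ip)
    return Alert(direction, proto.upper(), src_ip, int(src_port),
                 dst_ip, int(dst_port))


def classify(alert: Alert, resolvers=CONFIGURED_DNS_SERVERS) -> str:
    """Return a verdict string for one blocked-inbound alert."""
    if alert.direction != "Incoming" or alert.proto != "UDP" or alert.src_port != 53:
        return "not-dns-reply"
    if alert.dst_port not in EPHEMERAL_PORTS:
        # A genuine reply goes back to the client's ephemeral port; anything
        # else sourced from port 53 is worth a look.
        return "dns-to-nonephemeral-port"
    if alert.src_ip in resolvers:
        # Reply arrived after the resolver-side exchange was already finished;
        # harmless, and fixed by trusting the resolver IP in ZA's Zones tab.
        return "late-dns-reply"
    return "dns-reply-from-unknown-server"


# Constructed sample alerts. The first line reproduces the thread's example.
SAMPLE_ALERTS = """\
Incoming,UDP,167.206.251.4:53,192.168.1.10:1324
Incoming,UDP,198.51.100.53:53,192.168.1.10:1401
Incoming,UDP,203.0.113.9:53,192.168.1.10:1500
Incoming,UDP,167.206.251.4:53,192.168.1.10:53
Incoming,TCP,198.51.100.7:445,192.168.1.10:445
"""


def summarize(log_text: str, resolvers=CONFIGURED_DNS_SERVERS) -> dict:
    """Count verdicts over a block of alert records."""
    counts: dict = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        verdict = classify(parse_alert(line), resolvers)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for verdict, n in sorted(summarize(SAMPLE_ALERTS).items()):
        print(f"{verdict:32s} {n}")
```

Only the "late-dns-reply" bucket matches the situation in this thread; the other two DNS buckets are the ones to check before adding any address to the Trusted zone, since trusting an IP that is not actually your resolver would widen the hole rather than close it.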
