Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: Are Earthlink DNS servers "safe" (re: KB951748 issue) or need to switch to OpenDNS?

  1. #1
    bloomcounty Guest

    Default Are Earthlink DNS servers "safe" (re: KB951748 issue) or need to switch to OpenDNS?

    With the issue going on with KB951748, I did a DNS safety check at a website and mine didn't seem to pass. I have Earthlink dial-up, so I use the following DNS servers:

    207.69.188.187
    207.69.188.186

    ...and I have those set in ZA Free (currently 6.5.737, until I revert to an older version so I can install KB951748 and still have internet access) as "Trusted" in the Firewall Zones.

    Would I be better off using the OpenDNS ones instead? I don't really understand about all that, but I thought I read those are "safer" and are not susceptible to the DNS spoofing that the MS patch deals with. Is this true?

    If so, how do I bypass or remove the Earthlink ones all together from being used on my laptop and use the OpenDNS ones instead?

    Is it *necessary* to sign up for an account with OpenDNS, or are you just as safe/secure by just using their DNS servers as is?

    Thanks!

    Operating System:
    Windows XP Home Edition
    Product Name:
    ZoneAlarm (Free)

    Message Edited by bloomcounty on 07-17-2008 11:33 AM

  2. #2
    zaswing Guest

    Default Re: Are Earthlink DNS servers "safe" (re: KB951748 issue) or need to switch to OpenDNS?

    If Earthlink is a legitimate provider and they have multiple servers, it's simply tranversing to the server which will deliver the answer you're looking for.
    If server1 doesn't know what google is, the server passes the query to server2, if that server doesn't know what google is, it passes it on ... I hope you get the drift.

    No need to signup for OpenDNS. Just use it.
    If you're worried about the changing numbers, well, OpenDNS is likely to bounce from server to server, so I don't know what to suggest.

    I don't think it has anything to do with the flaw in the DNS system regarding DNS spoofing. Just install the Microsoft patch.

  3. #3
    bloomcounty Guest

    Default Re: Are Earthlink DNS servers "safe" (re: KB951748 issue) or need to switch to OpenDNS?

    Thanks for the reply. Please note, I use dial-up.

    So how do I make it so my computer uses the OpenDNS servers instead of the Earthlink ones, especially since I dial-up with Earthlink?

    I know I can add the OpenDNS servers to the TCP/IP stuff for my dial-up by going to the properties of the dial-up and then the properties of the TCP/IP and then on the general tab I choose "Use the following DNS server addresses" instead of choosing "Obtain the DNS server addresses automatically". Is that correct? And that would then force the computer, even when I dial-up with Earthlink, to use the OpenDNS addresses instead?

    Do I need to do anything in the advanced options you can go to from that same general tab?

    And then I'd remove the Earthlink DNS addresses from the ZA Firewall Zone and add in the two OpenDNS addresses as "trusted" -- is that correct?

    Also, why are the OpenDNS address more "safe/secure" than the Earthlink ones?

    Thanks!

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Are Earthlink DNS servers "safe" (re: KB951748 issue) or need to switch to OpenDNS?

    Yes like that way for the windows and the ZA.

    Best go to the opendns.com site and have a good look at all of the links.
    They do offer special filtering for ads or pronographic sites.
    Also if desired, you can create an account with them and set up special filtering as you need for blocking unwanted content and sites.
    Plus they have extensive guides for hooking up to their dns servers (208.67.222.222 and 208.67.220.220) for the different internet connections that are used.

    They are safer in the sense that are working to not give the domain name lookups for some bad sites, thus if you cannot get the dns, then you are a little more safer. They were working with one or two antiphishing firms and I believe they still do so today.

    I find they are usually just as fast as my own rogers dns servers on average, but when rogers get busy then gthe rogers dns servers become extremely slow. Whereas the opendns dns servers never get slow and always have a good consistent speed. So I always use the opendns server instead of rogers cable dns servers.

    I have seen the opendns not give the domain name lookup and actually stop me from going to a few sites, so I guess the bad site protection does work. Plus there is a minor phishing filter in the antivirus I use and the phishing filters are available in the browsers.

    Oldsod.
    Best regards.
    oldsod

  5. #5
    bloomcounty Guest

    Default So need need to do anything in "advanced options"? And what about the wi-fi?

    Hi Oldsod -- thanks for the reply.

    DIAL-UP:

    So I don't need to do anything in the "advanced options" under the general tab then, right? Here are my current settings:

    Internet Protocol (TCP/IP) Properties --> General tab --> Advanced TCP/IP Settings -->

    General tab (""Use default gateway on remote network" and "Use IP header compression" are both checked)

    DNS tab ("Append primary and connection specific DNS suffixes" and "Append parent suffixes of the primary DNS suffix" are both checked)

    WINS tab ("Disable NetBIOS over TCP/IP" is checked)

    ...just leave that all as is? Should all that stuff be checked? What should there be on each tab there, if anything?


    WIRELESS MODEM WI-FI:

    Also, what about when I use my wireless modem for free wi-fi at the library? Do I add in the OpenDNS servers the same way here:

    Internet Protocol (TCP/IP) Properties --> General tab

    ...as I would with my dial-up?

    And what about under the advanced tab there? Here are my current settings there:

    Internet Protocol (TCP/IP) Properties --> General tab --> Advanced TCP/IP Settings -->

    IP Settings tab [says "DHCP Enabled"]

    DNS tab ("Append primary and connection specific DNS suffixes", "Append parent suffixes of the primary DNS suffix", and "Register this connection's addresses in DNS" are all checked -- should all those be checked? I'm especially wondering about the "Register this connection's addresses in DNS" as that one is *not* checked for my dial-up but is checked here -- as far as I know, that was the default setting...?)

    WINS tab ("Disable NetBIOS over TCP/IP" is checked)

    Options tab ("TCP/IP filtering" is listed)

    Anything to change or add here? Should all that stuff be checked? What should there be on each tab there, if anything?

    Thanks very much!

    Message Edited by bloomcounty on 07-19-2008 07:03 AM

  6. #6
    zaswing Guest

    Default Re: So need need to do anything in "advanced options"? And what about the wi-fi?

    Blomcounty,
    As far as I understand, the ONLY one you need to fill is this, regardless whether it's wired or wireless.


    if the image didn't show, try this
    http://img156.imageshack.us/img156/5...erties1hw8.png
    Advanced tab will bounce the DNS servers at you, and I would not recommend do anything else at this point.
    You can control ports and stuff like that but leave it alone for now.
    If Oldsod disagrees, it'll be cool to hear.

    Edited, OT: please do not ask why there's something about fish under my image. i just learned how to post image on this forum and am not responsible for what actually posts

    Message Edited by zasuiteuser on 07-18-2008 08:41 PM

  7. #7
    bloomcounty Guest

    Default Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    Thanks, zasuiteuser. But why is there a fish under your image? Just kidding!

    That makes sense, but I'd really like to know about all the rest of those settings in the advance tab for both my dial-up and wi-fi because I don't *think* I set them that way... and I want to make sure they are set the way they should be. Things *are* checked in the advance tab for both, so I need to find out if that stuff is as it should be -- especially since it's possible that the way things are set now may not be the most "secure" way for it to be set. Know what I mean?

    Oldsod, can you let me know how that stuff should be?

    Thanks again!

    Message Edited by bloomcounty on 07-19-2008 07:33 AM

  8. #8
    zaswing Guest

    Default Re: Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    Re: "but I'd really like to know about all the rest of those settings in the advance tab for both my dial-up and wi-fi because I don't *think* I set them that way... and I want to make sure they are set the way they should be. Things *are* checked in the advance tab for both, so I need to find out if that stuff is as it should be" in your message to me

    Leave WINS alone, you're not using it
    http://technet2.microsoft.com/window...519581033.mspx
    http://kb.iu.edu/data/adeo.html

    I don't think you need to append any list of DNS servers, that's more for users inside a big network. Leave all that blank.

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    Yes it all looks ok.
    It is a laptop using dialup and wireless - the dialup dhcp's server keep changing from time to time, so do not lock these in as zasuiteuser suggested already.Using the wireless and changing lans is the same advice.
    Locking in the dns servers is okay, as the dns servers from opendns.com are available no matter where you go and end up.

    Oldsod.
    Best regards.
    oldsod

  10. #10
    bloomcounty Guest

    Default Re: Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    Thanks, Oldsod.

    1. So I *should* lock in the DNS to OpenDNS for my *wi-fi* connection as well here?
    Internet Protocol (TCP/IP) Properties --> General tab

    2. And what about on the DNS tab under Advanced for my *wi-fi* -- I'm especially wondering about the "Register this connection's addresses in DNS" being checked as that one is *not* checked for my dial-up but *is* checked here. Should that be checked for the wi-fi? If so, why? What is that, in layman's terms? (I think it was checked like that by default for the wi-fi and unchecked for dial-up.)

    3. Also, using the OpenDNS on my dial-up, I did notice that once time going to a website, it said "service unavailable" or something like that for a couple tries. That's never happened before. What's that about?

    Let me know what you think -- thanks again!

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •