Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 28

Thread: Are Earthlink DNS servers "safe" (re: KB951748 issue) or need to switch to OpenDNS?

  1. #11
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    !. Yes
    2. Yes. The windows treats both networking adapter as seperate entities not grouped into one. You could treat both adatpters as seperate, but using both opendns for both adapters and locking it in is fine and should be a trouble or cause problems.
    3. Opendns probably has that site listed as a bad site and did not give you the dns or the IP and stopped you from going to a risky site. (we told you it was a good and safe dns).

    Oldsod.
    Best regards.
    oldsod

  2. #12
    bloomcounty Guest

    Default Re: Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    <blockquote><hr>Oldsod wrote:
    2. Yes. The windows treats both networking adapter as seperate entities not grouped into one. You could treat both adatpters as seperate, but using both opendns for both adapters and locking it in is fine and should be a trouble or cause problems.
    <hr></blockquote>


    Thanks, Oldsod. I'll set the OpenDNS for both dial-up and wi-fi. But that's not what I was asking about here (I don't think) in #2.

    Let me explain in detail -- when I go to properties on my wi-fi TCP/IP and click Advanced and go to the DNS tab, there is a setting listed there towards the bottom called &quot;Register this connection's addresses in DNS&quot;. That *is* checked for some reason for the wi-fi. But on my dial-up, that is *not* checked. Should that particular option be checked for the wi-fi, but not the dial-up? If so, why? What is that? Or should I uncheck it for the wi-fi too?


    <blockquote><hr>Oldsod wrote:
    3. Opendns probably has that site listed as a bad site and did not give you the dns or the IP and stopped you from going to a risky site. (we told you it was a good and safe dns).

    Oldsod.
    <hr></blockquote>


    It actually wasn't a bad site at all. It's one I go to all the time. But for some reason, while on the site (a dvd news site) when I clicked on the links for the articles, I got that message. I reloaded the site and then tried again and it worked fine. Never happened before I started using OpenDNS. Could it have something to do with the OpenDNS servers being too busy? (I do notice occasionally that OpenDNS seems to be a bit slower on dial-up than when I was using the Earthlink DNS addresses.)

    Thoughts? Thanks!

    And I set both OpenDNS addresses as Trusted Zone in ZA and have the Trusted Zone Security slider set to &quot;Medium&quot; -- right?

    Message Edited by bloomcounty on 07-24-2008 09:58 AM

  3. #13
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Oldsod, can you verify & tell me about all the rest of the settings I listed? Thanks!

    Oh ok.
    Nah, do not worry about it.
    It is a throw back from years ago and is not important either way.
    Windows picked one when it was first used or used for the first few times and if windows is happy, then all is alright.

    Could be. Could be the opendns server had no domain name records for that particular site at that very instance and their servers had to a connection to main core dns servers and retrieve the domain name, bring that information back to the opendns cached servers and send the information to the publically accessed opendns servers. All domain name information just has a certain time to be valid - after that time period passes, the information is no longer valid. And if there is a new request for that particular site with the expired dns lookup, a new domain name information lookup has to be made and then presented to you. It does seem the opendns does have extremely good cached servers, but is slow in obtaining the replacement domain name information.

    Oldsod.
    Best regards.
    oldsod

  4. #14
    bloomcounty Guest

    Default OpenDNS settings in ZA 6.1.744.001 Firewall Zones

    Gotcha, thanks!

    So the OpenDNS entries added into the TCP/IP properties, as well as into ZA Firewall Zones as &quot;Trusted&quot; (along with the loopback adapter) and then the Trusted Zone Security slider set to &quot;Medium&quot; -- correct? That's all safe set that way, right?

    Thanks again!

  5. #15
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: OpenDNS settings in ZA 6.1.744.001 Firewall Zones

    Yes it is.
    Do not forget the dhcp server (s as you use several) as trusted too.
    Oldsod.
    Best regards.
    oldsod

  6. #16
    bloomcounty Guest

    Default DHCP Server...? I never had something called that listed in ZA...

    <blockquote><hr>Oldsod wrote:
    Do not forget the dhcp server (s as you use several) as trusted too.

    <hr></blockquote>


    What's the DHCP server (in layman's terms preferably -- heh)? I've only ever had the two DNS Servers and the Loopback Adapter in the ZA Firewall Zones (even before with 6.5.737 and Earthlink). Thanks!

  7. #17
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: DHCP Server...? I never had something called that listed in ZA...

    Oh I forgot you use the ZA Free - it will be IP tagged with the adapter in the Zones.
    Make sure the adapters are set to trusted.
    Oops my mistake.
    Defintiely need that road trip!
    Oldsod.
    Best regards.
    oldsod

  8. #18
    bloomcounty Guest

    Default Here are my settings...

    <blockquote><hr>Oldsod wrote:
    Oh I forgot you use the ZA Free - it will be IP tagged with the adapter in the Zones.
    Make sure the adapters are set to trusted.
    <hr></blockquote>


    I see that listing -- but it only shows up when I dial-up. Once I disconnect (or restart my computer) it disappears until I connect again. And since I have dial-up, that IP address listed for the &quot;Adapter Subnet&quot; changes each time I dial-up, so there is no &quot;permanent&quot; setting (as compared to the settings for loopback adapter and the two OpenDNS addresses, which always stay listed, so I am able to set them to &quot;Trusted&quot; ).

    I believe the default setting for the Adapter Subnet is &quot;Internet Zone&quot; since that's what is how it's listed each time I dial-up. And there is no way to change it (it won't let you).

    There are some things that are getting blocked coming from &quot;dial-up&quot; ip addresses (Source DNS column in the Firewall logs), probably because the dial-up is listed as &quot;Internet&quot; and not &quot;Trusted&quot; in the Firewall Zones, but I'm not having any connection issues.

    Here's how it looks:

    Name: WAN (PPP/SLIP)Interface
    IP Address/Site: 4.242.xx.xxx/xxx.xxx.xxx.xxx (I put in the x's here for security purposes)
    Entry Type: Adapter Subnet
    Zone: Internet

    These are the types of things that get blocked in the Firewall log:

    Source DNS: dialup-4.242.xxx.xx.Dial[#].[cityname][#].Level[#].net (I added the x's and the [#]'s and the [cityname] for security purposes.)

    Thoughts? Thanks!

  9. #19
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Here are my settings...

    It looks good Mr BloomCounty.

    "Source DNS: dialup-4.242.xxx.xx.Dial[#].[cityname][#].Level[#].net (I added the x's and the [#]'s and the [cityname] for security purposes.)"

    I am good but not that good. Please fill in the remote and source ports and the protocols involved (53, 67, 68, 80. tcp , udp , icmp, etc). And the exact remote IPs involved and the correct connection directions.

    Oldsod.
    Best regards.
    oldsod

  10. #20
    bloomcounty Guest

    Default Here is my log...



    Key to blocked out numbers:

    Destination IP address is my dial-up IP address at the time.

    Blue Dot: Source IP address is the same as the one listed as part of what's listed in the the Source DNS column

    Red Dot: I blacked out part of the weird number listed in the Source DNS column since I wasn't sure what it was...

    Many entries seem to be from &quot;Asia Pacific Network Information Centre&quot; (I did a reverse IP look-up). Not sure what that is...

    So you can see here everything that's getting blocked and how often. Let me know what you think. Thanks, Oldsod!

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •