cancel
Showing results for 
Search instead for 
Did you mean: 

DNS problem or recent change - Firewall impact

JakTheBiscuit
Grafter
Posts: 149
Registered: 10-08-2007

DNS problem or recent change - Firewall impact

DNS problem or change on 212.159.13.50 ?

3 days ago, when the Sasser worm was rampant, I suddenly found that I could not connect to certain web-sites, such as Microsoft, McAfee and others, while others were OK.

If I shut down the firewall (ZoneAlarm), I can get access again.

I already had the MS security updates installed.

I've spent ages fiddling: ran several different virus scans, checked my Hosts file, browser settings and uninstalled and re-installed up-to-date ZoneAlarm.

I then found that if I added the above DNS to the firewall trusted zone, normal service was resumed.

However, adding a DNS to the trusted zone seems to me to compromise my security.

Why is this suddenly necessary? Does something need changing on the DNS? Any other advice?
24 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

DNS problem or recent change - Firewall impact

Hi,

There have been no configuration changes on DNS in the last few days that I'm aware of and certainly nothing that would only affect one of them.
Have you tried the other two caching DNS servers to see if they need to be entered in the trusted zone, these are

212.159.13.49 & 212.159.6.9
JakTheBiscuit
Grafter
Posts: 149
Registered: 10-08-2007

DNS problem or recent change - Firewall impact

I first tried adding 212.159.13.49 to the trusted zone and this did not cure the problem, so I added 212.159.13.50 too, and this worked. I then removed x.x.x.49 and it still worked i.e. x.x.x.50 was still there.

But I don't like to have the DNS in the trusted zone - is it safe?

I'd also like to know why this suddenly became necessary

Presumably this is not a long-term solution unless I add all the DNSs to the trusted zone, which I am reluctant to do.

Cheers
Community Veteran
Posts: 14,469
Registered: 30-07-2007

DNS problem or recent change - Firewall impact

There are no problems with having individual DNS IPs in the trusted zone - in fact as you have selected to use those DNS servers they must be trusted - right?

I think the problem here is ZoneAlarm and not PlusNets DNS servers. I had similar problems when I was with BTO where often DNS lookups would either be blocked or go nowhere. Adding all the BT DNS servers in the trusted zone solved the problem so I always put DNS servers in ZoneAlarms trusted zone now. This has been happening to me for several years so it's not just recent ZA releases that did this.

So I have the following trusted:

212.159.13.49 - 212.159.13.50 (2 IP range)
212.159.6.9 (single IP)
212.159.11.150 (single IP used for dialup)
212.159.13.150 (single IP used for dialup)

The last two I sometimes switch to if the cacheing DNS servers (.49 & .50) are playing up - although this has not happened for a few weeks now.
N/A

DNS problem or recent change - Firewall impact

That does beg the question, why is ZoneAlarm requiring it to be made trusted?

It's isn't a question of why is it that server not working without it, but why is zone alarm blocking data without it.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

DNS problem or recent change - Firewall impact

Very good question which has been asked numerous times on the ZA forums without any definative answer. Just one of a qwerks of ZA I guess.
JakTheBiscuit
Grafter
Posts: 149
Registered: 10-08-2007

DNS problem or recent change - Firewall impact

I'm just interested to know why I suddenly need to add the DNS to the trusted zone - what's changed?

I've been a plusnet user for something like a year and a half or more, and I've used ZoneAlarm all that time.

It may be that I've only just noticed that I couldn't access these web-sites as I don't go there much, so perhaps there are slightly older changes at plusnet which might explain this.

Has the primary DNS changed for example (it used to be 212.159.13.49) ?
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

DNS problem or recent change - Firewall impact

The primary and secondary DNS are still the same and i can't think of anything that would have changed that could affect ZA like this. Have you updated Zone Alarm at all, it might be a feature of an updated version?
JakTheBiscuit
Grafter
Posts: 149
Registered: 10-08-2007

DNS problem or recent change - Firewall impact

I had been using the version of ZA that first experienced the problem since Feb-2004. I upgraded it after the problem, in order to try and cure it.

The only change I can think of at my end is the MS Windows2000 security update.

It's interesting that adding the primary DNS to the trusted zone did not cure the problem, but the secondary one (212.159.13.50) did.
N/A

DNS problem or recent change - Firewall impact

I found a saved Etherreal sessions for a few months back that included a DNS lookup.

I have to say, there is no real differance between a fresh one and the old one.

Have you updated zone alarm recently?

From looking at this, I can only sugest it being Zone Alarm causing this.

Have you tried finding out why Zone Alarm is blocking it?
THis is the only way you are going to find if it is a PlusNet issue or not.

Just plain "not working" and not knowing why trusting it works is of no use.
N/A

DNS problem or recent change - Firewall impact

Quick Q.

Hi ive got issues again, can I ask is it needed and required for me to change my DNS ?

I too have been unable to access websites like MS and others and well some other websites access just fine. I discovered when I had the same issues last time was due to a programme called Protowall blocking websites but now am wondering since I got the probs recently if its not this DNS problem your on about?

I got a firewall installed sysgate but even with no firewall running I get the same issues... with 90% net not being accessed.

Really weird problem !

Any helps is appreciated, thx.
lhorwath
Grafter
Posts: 1,248
Registered: 10-04-2007

DNS problem or recent change - Firewall impact

Hi there,

We have not had any issues with DNS. Can you supply us with some traceroutes to affected sites please to help us with investigating where the fault may be.

kind regards

Luke
N/A

DNS problem or recent change - Firewall impact

hi horwath thx for reply

But how do I run a trace route?

I mean I click on www.overclockers.co.uk right now and nadda loads, m8s plusnet connection whos at the same exchange connects just fine.

Tried this morning and everything was working fine.

Had this problem before but this time I dont even have protowall installed which I originaly thought was the issue and when 90% of my net wasnt working I just waited 2-3 weeks and it seemed to pass and go back to normal. Now its back to same issues with 90% webpages just dead only a handful work like
http://forum.tech-pc.co.uk

Lines fine I can download 59k via some sites....

weirdest problem ever ive had, any ideas?
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

DNS problem or recent change - Firewall impact

Hi,

To run a traceroute open a command prompt, start -> run -> command and click OK
then type

tracert www.overclockers.co.uk

(or wherever you want to tracert to).
N/A

DNS problem or recent change - Firewall impact

Thx just gave it a try and got this:

over a max of 20 hops

1-4 goes thru plusnet and vlan3 and nildram and gigbayte ethernet and then it just says 5-19+ "request timed out"

I take it thats not normal....