From: John Navas on
On Mon, 8 Dec 2008 10:27:07 -0800 (PST), seaweedsl
<seaweedsteve(a)gmail.com> wrote in
<8800055e-759d-4ba6-b259-bca512f53971(a)q30g2000prq.googlegroups.com>:

>Thanks for the heads-up John. I need to think about this for our
>network. I'd like to keep DHCP if possible, for most users. Since
>we are on Hughesnet, which takes a lot more control than most ISPs,
>I believe that no matter what we (or any malware) does, they determine
>our DNS servers.....but I really should verify that.

The most direct solution, as has already been noted, is:

(1) use a hardware firewall device (good idea in any event) configured
to only allow outgoing DNS queries from internal DNS server(s), and

(2) configure internal DNS server(s) to
(a) resolve IP addresses directly, or
(b) forward DNS queries to known good DNS servers
(either ISP or 3rd party).

For home users that want to use DHCP in clients rather than hard coding
DNS server addresses, that can best be accomplished with a wireless
router that:

(a) includes a DNS proxy that can be hard coded as in (2)(b), and
(b) blocks direct DNS queries to the Internet from clients; i.e.,
only allows DNS queries to go to its DNS proxy.

My own recommendation is to make the first external DNS server the ISP
(usually close topologically and fast) and the last external DNS server
a good 3rd party (e.g., OpenDNS) for reliability.
--
Best regards,
John Navas

FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
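
A log audit for the policy described in the message above, as an added example that is not part of the original post: it flags DNS flows that bypass the internal resolver, and resolver queries that go to an upstream outside the approved list. The addresses, the log format and the function name are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy values (constructed; documentation/private address ranges).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_RESOLVERS = {"192.168.1.1"}                    # internal DNS server / router DNS proxy
APPROVED_UPSTREAMS = {"198.51.100.53", "203.0.113.53"}  # known good forwarders, per (2)(b)

# Constructed firewall flow log: "action proto src_ip src_port dst_ip dst_port"
SAMPLE_LOG = """\
ALLOW udp 192.168.1.1 40112 198.51.100.53 53
ALLOW udp 192.168.1.23 53211 192.168.1.1 53
ALLOW udp 192.168.1.23 53212 203.0.113.99 53
DROP udp 192.168.1.40 50000 203.0.113.99 53
ALLOW tcp 192.168.1.1 40113 192.0.2.77 53
ALLOW tcp 192.168.1.23 44100 198.51.100.10 443
"""

def audit_dns_flows(log_text):
    """Return (line_no, reason) for every DNS flow that violates the policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        action, proto, src, _sport, dst, dport = parts
        if dport != "53" or proto not in ("udp", "tcp"):
            continue  # not a DNS flow
        if ipaddress.ip_address(dst) in INTERNAL_NET:
            continue  # client -> internal resolver is the intended path
        if src not in INTERNAL_RESOLVERS:
            # Rule (1): only internal DNS servers may query the Internet.
            if action == "ALLOW":
                findings.append((n, "client bypassed internal resolver"))
            else:
                findings.append((n, "blocked bypass attempt (investigate host)"))
        elif dst not in APPROVED_UPSTREAMS and action == "ALLOW":
            # Rule (2)(b): the resolver forwards only to known good servers.
            findings.append((n, "resolver used unapproved upstream"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_dns_flows(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

An allowed bypass means the firewall rule in (1) is missing or too broad; a blocked one means the rule works but a client is configured, or has been reconfigured, to use an outside DNS server.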
From: bob on
In article <8hlqj45rce52s8gprdpb198utts36molie(a)4ax.com>, John Navas
<spamfilter1(a)navasgroup.com> wrote:

> Here's a tip: When you behave like an 8 year old,
> it diminishes the credibility of what you say.

Then your own credibility is questionable.

To be fair, I don't think you act like an 8 year old. I think you act
like a bratty 12 year old who thinks he knows everything.
From: John Navas on
On Mon, 08 Dec 2008 16:07:21 -0800, bob <htu88(a)hotmail.com> wrote in
<081220081607213791%htu88(a)hotmail.com>:

>In article <8hlqj45rce52s8gprdpb198utts36molie(a)4ax.com>, John Navas
><spamfilter1(a)navasgroup.com> wrote:
>
>> Here's a tip: When you behave like an 8 year old,
>> it diminishes the credibility of what you say.
>
>Then your own credibility is questionable.
>
>To be fair, I don't think you act like an 8 year old. I think you act
>like a bratty 12 year old who thinks he knows everything.

Welcome to the club. :)