Global Rule(s) for DNS Servers
gunnarj
01-05-2004, 09:20 AM
Hello all,
I have added my ISP's (3 for dial-up) DNS Servers (so total of 6 server #'s) to the global rule for "Allow DNS Resolving (UDP)" under the remote host category.
My question then is, do I set the "Allow DNS Resolving (TCP)" to 'deny it' or do I also add my DNS Servers under remote host there as well.
I have Outpost Pro V2 and Windows ME, stand-alone computer, no network.
Thanks so much,
gunnarj
MegaHertz
01-05-2004, 09:25 AM
The option is yours, gunnarj. I have never needed more than the UDP rule myself. The other option is to disable the rule and see what effect, if any, that has on the connection; if you see no ill effect, you can leave it disabled or delete it from global rules entirely.
PrivateEye
01-05-2004, 09:58 PM
Allowing TCP is essential for Windows NT 4 clients and for servers running Windows 2000+ and/or Email servers. Otherwise, you should never have any need for that protocol.
Generally speaking, most programs use UDP to access the DNS servers by default. However, when the contents of the query exceed the maximum packet size, the program will need to use TCP.
As you can imagine then, when an email server contacts the DNS server to locate the addresses for a hundred different domains in one go, the packet size increases to the point that it can no longer be handled by UDP - hence the switch to TCP.
I would be very surprised if a client machine running Windows 9x/W2K ever needed to use the TCP protocol - so I would block it to tighten the security. (You can always create a rule in the (highly) unlikely event that it causes a problem).
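The UDP-first, TCP-only-on-truncation behaviour PrivateEye describes, as an added example (not code from this thread or from Outpost): a resolver sends over UDP, and retries over TCP only when the reply carries the TC ("truncated") flag. The two sample replies at the bottom are constructed by hand so the decision logic runs with no network; only `resolve_raw` needs a reachable DNS server (a hypothetical address you supply).

```python
import socket
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: 12-byte header with RD set, one question (A record by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the server set TC: the answer did not fit in the UDP datagram."""
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP carries each message behind a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(message)) + message

def transport_needed(udp_response):
    """The decision a resolver makes after a UDP reply: retry over TCP only on TC."""
    return "tcp" if is_truncated(udp_response) else "udp"

def resolve_raw(name, server, timeout=3.0):
    """Query over UDP first; fall back to TCP only if the UDP reply is truncated."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(512)  # classic 512-byte UDP DNS limit
    if not is_truncated(reply):
        return reply, "udp"
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(frame_for_tcp(query))
        (length,) = struct.unpack("!H", tcp.recv(2))  # length prefix of the reply
        buf = b""
        while len(buf) < length:  # TCP is a stream: read until the whole message is in
            chunk = tcp.recv(length - len(buf))
            if not chunk:
                raise ConnectionError("server closed the TCP connection early")
            buf += chunk
        return buf, "tcp"

# Constructed sample replies (no network): same txid, flags QR|RD|RA, without and with TC set.
UDP_REPLY_OK = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
UDP_REPLY_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```

For a desktop client the `transport_needed` branch almost never returns "tcp", which is why a firewall rule allowing only UDP to the ISP's resolvers normally works; if a lookup ever fails with a truncated reply, that is the moment the TCP rule becomes necessary.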
gunnarj
01-06-2004, 05:42 AM
Thank you both for the replies.
I have unchecked the global rule for "Allow DNS Resolving (TCP)" and will see how it goes. I assume to uncheck the rule is just as valid as leaving it unchecked but set to "deny". Is that correct?
Two more followup questions.
1.) With the global rule for "Allow DNS Resolving (UDP)" set with my ISP's DNS Servers, do I need to have the Outpost plug-in 'DNS Cache' enabled?
I know this has been discussed, but this DNS stuff is confusing to me.
2.) I would like to know if there is an appreciative difference in speed of opening websites etc. with any particular DNS setup in general?
Thanks again,
gunnarj
PrivateEye
01-06-2004, 08:56 AM
Look at the Domain Name Server as a kind of telephone directory enquiry service. You might have the name of the person that you want to call, but without the telephone number, you've no way of contacting that person.
In the same way, when you type in www.Agnitum.com, your computer does not have the IP number that it really needs to connect to the website. So it phones the DNS server to ask for the number.
The DNS cache can be likened to a personal phone book that you keep by the telephone. Once you have the number, you write it in your book so that you don't have to call the operator to ask for the number anymore. In other words, the DNS cache makes a note of the websites that you have visited and retains the IP number of those sites, so that it doesn't have to contact the DNS server anymore.
Obviously, since it doesn't have to 'phone the operator', your computer will connect to websites quicker with the DNS cache turned on than it will if the cache is turned off.
To summarise then, the upside to leaving the cache on is an appreciable increase in connection time to websites. The downside is that anyone inspecting the Outpost DNS log/cache properties will know that you've been to www.dilbert.com, www.yahoo.com etc. On or off then is your choice - leaving it off will not prevent you from connecting to where you want to go.