  nypix
@optonline.net
| reply to StreetSpirit Re: [OOL] [Guide] Using OpenDNS.com with or without Treewalk.
My peerguardian 2 doesn't seem to be picking up after installing treewalk. I haven't followed the rest of your guide yet but all I want is better DNS response. I also use the host file from this site. »www.mvps.org/winhelp2002/hosts.htm I recall your PC uses this first so it shouldn't be a problem or could it? |
|
  nypix
@optonline.net | I should reiterate. PG2 isn't picking up where it used to, but since treewalk it's going out on port 1026 to sites I haven't seen come up before. Any thoughts? |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
1 edit | Hi - I'm sorry you had trouble. I did not write Treewalk nor BIND, but am simply a user. You might wish to ask for some support in the forums @ »ntcanuck.com or on Steve Gibson's news server which hosts the Treewalk newsgroup.
While I'm not familiar with Peerguardian from personal experience, I know what the program does. I am, however, quite familiar with BIND (Treewalk). The only ports BIND, and by extension Treewalk, should use out of the box, so to speak, are the privileged ports TCP 53, UDP 53, and TCP 953. UDP packets over 512 bytes will usually be resent over TCP; the reply DNS data packets will be received over UDP or TCP on an ephemeral (>1024) port(s).
This is all very normal DNS server/resolver message behavior.
»treewalkdns.com/faq.htm#a-tw_ports
You can control which ports it uses by stopping the service, editing named.conf and restarting the service (although it's hard to imagine a conflict since these are standard.)
It should use no ephemeral ports at all unless a long DNS reply is being sent from a DNS server over a high port.
In any case, here's the area of named.conf that controls ports BIND listens to (and by extension holds):
a) edit %windir%\system32\dns\etc\named.conf
b) look for:

controls {
    inet 127.0.0.1 port 953                          // <-- Control Port
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

// and

options {
    listen-on port 53 { 127.0.0.1; };                // <-- Exposed DNS port.
};

-- HTH, Dave |
|
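An added example, not part of the original posts and not Treewalk's or BIND's own code: a small Python check that reads the controls and listen-on statements quoted in the post above and reports any socket that is not confined to loopback. The second configuration is constructed for contrast, and the function and variable names are assumptions of this example.

```python
import ipaddress
import re

# The fragment from the post above, with its annotations dropped.
PAGE_CONF = '''
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
    listen-on port 53 { 127.0.0.1; };
};
'''

# Constructed counter-example: both sockets reachable from the network.
OPEN_CONF = '''
controls { inet * port 953 allow { any; } keys { "rndc-key"; }; };
options { listen-on { any; }; };  // port defaults to 53
'''

COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
LISTEN = re.compile(r'\blisten-on\s+(?:port\s+(\d+)\s+)?\{([^}]*)\}')
INET = re.compile(r'\binet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}')

def is_loopback(token):
    """True only for a literal loopback address or prefix; ACL names such as
    'any' or 'localhost' (every local interface address) count as exposed."""
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False

def audit(conf):
    """Return one finding per named.conf socket not confined to loopback."""
    conf = COMMENTS.sub('', conf)
    findings = []
    for port, body in LISTEN.findall(conf):
        exposed = [t for t in body.replace(';', ' ').split() if not is_loopback(t)]
        if exposed:
            findings.append(f"listen-on port {port or 53}: {', '.join(exposed)}")
    for addr, port, allow in INET.findall(conf):
        tokens = [addr] + allow.replace(';', ' ').split()
        exposed = [t for t in tokens if not is_loopback(t)]
        if exposed:
            findings.append(f"controls port {port or 953}: {', '.join(exposed)}")
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("constructed", OPEN_CONF)):
        print(name, audit(conf) or "loopback only")
```
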
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| reply to nypix said by nypix :
My peerguardian 2 doesn't seem to be picking up after installing treewalk. I haven't followed the rest of your guide yet but all I want is better DNS response.

That's simple enough. If you're using a router, no router, Windows, Linux, or even a smart phone, visit »www.opendns.com/start/at_home.php to get instructions. For example, say you have Windows XP without a router, view the page »www.opendns.com/start/windows_xp.php in that case for screen captures and detailed instructions on using PowerDNS.
Essentially you will be changing your DNS at your router or PC to 208.67.222.222 and 208.67.220.220.
Hope this helps.
Remember you can choose any other two "tier-2" DNS servers (tier 2 means those who reply to clients.)
My next message will include a method to TEST dns servers and a few tier-2 servers which can be accessed by us.
Good luck. |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| Re: [OOL] [Guide] ANALYZING DNS SERVERS ONLINE
Here's a great tool which can help you judge the DNS server by commonly recognized criteria, tested on the fly.
• Visit »www.dnsreport.com/ and enter the server to be tested, or simply plug your server and domain as below
• Alternate Method: Examine this URL. Notice the two changeable parameters accepted by the dnsreport.ch script:
http://www.dnsreport.com/tools/dnsreport.ch?domain=dslreports.com&server=208.67.222.222
domain=somedomain.tld -and- server=x.x.x.x (a DNS server to be tested)
So say we want to test 167.206.3.207 and have it look up the domain dslreports.com - we would use a line like this:
http://www.dnsreport.com/tools/dnsreport.ch?domain=dslreports.com&server=167.206.3.207
Enjoy, wonderful tool imo.
-- Regards, Dave |
|
  StreetSpirit Premium join:2002-08-13 Roslyn, NY
·Optimum Online
·Verizon Online DSL
| Here are some DNS Servers to switch to in a pinch - although I do not support using servers from another ISP, not specifically designated as free-access DNS servers, as you're causing load and interfering with legitimate users of the ISP/service.
I was asked to post this anyway even with ethical reservations.
Therefore, Lexx Luthor, if this violates the spirit of the forum, as it well may, please remove this particular message. Thanks.
• Speakeasy non-IP-range-restricted nearby servers:
216.231.41.2 (Washington DC - probably)
216.254.95.2 (NY, Massachusetts and Pennsylvania)
64.81.159.2 (Baltimore and Washington DC)
66.92.64.2 (Boston, Massachusetts)
66.92.224.2 (Philadelphia)
66.92.159.2 (Washington DC)
-- Regards, Dave |
|