BIND and ZoneAlarm

Peter Dambier peter at peter-dambier.de
Wed Jul 19 13:10:14 UTC 2006


Stefan Puiu wrote:
> Hi,
> 
> On 18 Jul 2006 10:21:06 -0700, Eugen COCA <ecoca at eed.usv.ro> wrote:
> 
>>Joseph S D Yao wrote:
>>
>>
>>>It should be possible for any reasonable "personal firewall" IP blocking
>>>/ filtering software.
>>
>>Theoretically speaking YES, practically NO.
> 
> 
> If what you're saying is true, I guess we can infer that ZA is not a
> reasonable "personal firewall"? :)

It is not ZA but personal firewalls in general that are not reasonable.

A firewall is not a piece of hardware but a concept. The "real" firewall
emerges somewhere in the link between boxes.

A personal firewall is a lack of concept. It is broken by definition.

A "real" firewall isolates boxes. By capturing one box you still don't
have access to the other box.

You don't need to break a personal firewall because you are already the
box.

> 
> You didn't specify *what* didn't work, at least in your first post.
> Details are important, I guess specifying the version of BIND used,
> the version of ZA used wouldn't hurt, plus the things you are trying
> to achieve... This seems more like a ZoneAlarm question, though, I'm
> not sure how many people on this list have played with it that much.
> 

I have played with windows eXPerimental and CoLinux.

The relaying of UDP packets between the windows and hardware on the one
side and the CoLinux on the other side is unreliable at best. Putting
another piece of software in between does not improve it. I guess
Bind will lose packets. From outside you will see a Bind that does
not respond very well.

> 
>>BIND does not work with ZoneAlarm, even if ZA is unloaded (service
>>stopped). I made numerous tests, on two different systems - secondary
>>zones are not transferred. On another system, without ZA, BIND works
>>properly.
>>

From what I have seen with CoLinux it is drivers. They still hang
around intercepting packets that other people miss.

> 
> 
> What kind of tests? Last time I used ZA, if you stopped ZA no traffic
> at all would be let through, IIRC, so that scenario shouldn't be
> expected to work anyway.
> 
> Stefan.
> 


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/



More information about the bind-users mailing list