The thing that instantly strikes me is that a) the rule should be for Out only (bi-directional rules with ports specified rarely work as expected & DNS queries should not be inbound) and b) the Source Port should be Any (it will not be 53, which is why the bi-directional rule will not work).
If you disable the DNS client, some applications will start sending their DNS queries directly to the DNS server(s) configured for your connection. I somehow doubt that 192.168.10.101 is your router; I think that’s the IP address of your PC. Can you please verify using a command box (Start, Run, Cmd) and then type:
And press Enter after that; it will show your IP address, subnet mask and the gateway address.
I just modified it and it still gives out those errors. Thanks also for the explanation, it sounds right but wonder why it still shows up with those errors and uTorrent gives a “hostname not found” error but still downloads somehow… strange
Sorry, I should probably explain further. In most cases, the router (192.168.10.1) often acts as the DNServer. This is specified in Windows under the advanced options of the LAN adapter that the router is connected to. However, the router usually tweaks things to transfer those requests to the proper DNServers (primary & secondary) defined by the ISP. Routers often have browser-based status pages to show this information & to change it.
It’s odd that CIS is mentioning file LAN IP addresses in the blocks… this implies that CIS doesn’t know about the relationship between 192.168.10.1 & 192.168.10.101. I suspect it should be a trusted one. I don’t think CIS should interfere in LAN communications between LAN members & the router at all. Ronny?
Well, that depends on your configuration. You can completely isolate your system from the rest of the LAN and not trust anything, but then you also have to allow traffic from your PC to your router, which in this case acts as a DNS relay: it just picks up the DNS query, like www.comodo.com, and forwards it to the upstream DNS servers of the provider, as you explained.
Now, if you disable the DNS Client on Windows, applications can no longer send DNS queries to the Windows DNS Client (cache), and thus the application has to connect to the DNS server configured on the IP stack, in this case 192.168.10.1, so some applications need outgoing traffic configured like this:
Destination Any (Or Single ip 192.168.10.1)
Source port Any
Destination port 53
Once this is applied the Application should be able to connect to the DNS Server.
Kail had a great idea to look over uTorrent’s rules… upon verification, the DNS rule was located below ‘Block and Log All Unmatching Requests’; upon moving it above, no more Port 53 ;D
Though, at the same time I opened a pre-set port in the router:
‘Allow Virtual Server DNS WAN,* LAN,192.168.10.101 UDP,53’
Should this be open at all, or is it not necessary?
The General Rules consist of only one single Block Rule:
‘Block ICMP In From IP Any To IP Any Where ICMP Message is ECHO REQUEST’
I’ll apply Ronny’s rule to any app from now on that shows up with those errors. Glad it works now, but I think it’s even better that now at least I have an idea of what is going on, or at least I hope I do.
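As an added illustration that is not part of this thread, the following Python model of first-match rule evaluation shows the two points raised above: Ronny’s outbound UDP/53 rule only takes effect when it sits above ‘Block and Log All Unmatching Requests’, and a bi-directional rule with both ports fixed to 53 never matches because the client’s source port is ephemeral. The rule and packet field names, the rule order and the sample DNS query are all constructed for the example, not taken from CIS.

```python
from dataclasses import dataclass
from typing import List, Optional

# Simplified firewall rule; None for a port means "Any" (constructed model, not CIS's real format)
@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    direction: str           # "out", "in" or "any"
    proto: str               # "udp", "tcp" or "any"
    dst_ip: str              # "any" or a single address
    src_port: Optional[int]  # None == Any
    dst_port: Optional[int]  # None == Any

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    dst_ip: str
    src_port: int
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every specified field agrees with the packet."""
    return (rule.direction in ("any", pkt.direction)
            and rule.proto in ("any", pkt.proto)
            and rule.dst_ip in ("any", pkt.dst_ip)
            and rule.src_port in (None, pkt.src_port)
            and rule.dst_port in (None, pkt.dst_port))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Top-down, first matching rule decides; "no match" if the list is exhausted."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "no match"

# Ronny's rule: Out, UDP, destination 192.168.10.1, source port Any, destination port 53
DNS_OUT = Rule("allow", "out", "udp", "192.168.10.1", None, 53)
# The catch-all at the bottom of uTorrent's application rules
BLOCK_ALL = Rule("block", "any", "any", "any", None, None)
# A bi-directional rule with source AND destination port 53 (the shape warned against)
BIDIR_53 = Rule("allow", "any", "udp", "any", 53, 53)

# Constructed sample: a DNS query from the PC to the router, ephemeral source port
QUERY = Packet("out", "udp", "192.168.10.1", 51234, 53)

BAD_ORDER = [BLOCK_ALL, DNS_OUT]   # DNS rule below the block-all: never reached
GOOD_ORDER = [DNS_OUT, BLOCK_ALL]  # DNS rule moved above: matches first

if __name__ == "__main__":
    print(evaluate(BAD_ORDER, QUERY), evaluate(GOOD_ORDER, QUERY), evaluate([BIDIR_53, BLOCK_ALL], QUERY))
```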