DNS and Nameservers … not just DNS!

Dog tags with the nameservers for 123-reg on it

Here’s a lesson that I’ve recently learned, that I wanted to kindly share with you.

If you’ve just cancelled a Web hosting account with, say WebFusion, and you want to set up Web Forwarding in your — let’s say — 123-Reg account to point to a new blog you’ve created at — picking one at complete random — WordPress.com: don’t try to set it all up in the midst of trying to solve an IE6 CSS-related problem at 12:50 am.

Because inevitably something is going to suffer, and thankfully for the University of St Andrews is wasn’t the IE6 CSS-related problem.

I had to do two things:

  1. Reset the DNS back to 123-reg default IP (194.154.164.90)
  2. Change the Nameservers back to 123-reg (ns.123-reg.co.uk and ns2.123-reg.co.uk)

Turns out that I did half the things I needed to do. So that’ll be another 24-48 hours until I can get going.

If only I knew someone who was good with Web-related stuff … ahem!

Meet @documentally …

When I visited London all those weeks ago — mid-May, although according to The Other Place it was Yesterday — I met a bunch of kindly geeky, social media types in a posh hotel next to the Beeb in central London.

For most of the meet-up I sat between @solobasssteve and @lobeliasabo and cracked on with some Web design bits and pieces on my laptop. I got involved in the conversation once or twice but mostly just listened in while trying to sort out a CSS issue I was struggling with.

Our Man Inside

One of these fine fellows was a photographer/documentary maker called Christian Payne, who goes by the moniker @documentally on various social media sites.

When I got back to @solobasssteve’s in the evening I duly added @documentally to my list of Twitter followees and have been … well, I guess eavesdropping on his public internet conversations and twitterings. And I have to say that I really wish that I’d been less reserved and engaged in a deeper conversation with Christian because his Tweets, his Qik postings and Seesmic natterings are fantastic!

Qik

Qik is an online service that enables you (with an appropriate phone, such as the Nokia N95) to stream video directly to the internet. It’s @documentally’s Qik posts that I’ve enjoyed the most. I described them recently as being like a Quentin Tarantino film with all the beauty of the minutiae but without the extreme violence and swearing!

Over the last couple of weeks he’s Qik-ed about taking his dog for a walk, petrol prices, he’s interviewed Tony Benn at Euston Station, chatted with the owner of a pipe shop, been to the O2 Festival and opened a couple of exciting parcels — including one containing a Special Forces watch and, this one above, unpacking an Eye-Fi SD card.

A lot of blogging and video blogging gets criticised — often rightly — for being mundane. Who wants to know what you’ve had for breakfast or that there are 139 cracks on the pavement between your house and the bus stop?!

But Christian’s posts are interesting, humorous, intriguing, enthusiastic and professional. I really look forward to reading in my Twitter stream that there’s another Qik video from Christian, because they sure are better than almost anything that’s on telly right now … the Tour de France aside, of course!

Microsoft Update KB951748 and ZoneAlarm woes

ZoneAlarm

Update: There is now a fix for this issue, see my blog post: Fix for MS Update KB951748 and ZoneAlarm.

Well, that was a quick break from blogging! Actually, it was my experience with Windows Update and the ZoneAlarm firewall today that’s brought me out from my self-imposed blogging exile this week.

I’ll cut to the chase: ZoneAlarm + Security update for Windows (KB951748) = no internet connection.

This is how ZoneAlarm themselves put it:

Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users.

The problem

Basically, this software update is designed to fix vulnerabilities when you’re surfing the Web. It updates a handful of files that are associated with connecting to the internet, including a few to do with TCP/IP which is one of the standard ways that computers can connect to the internet and one another.

Or, here’s how Microsoft put it in Microsoft Security Bulletin MS08-037:

This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

And somehow this update has confused the ZoneAlarm firewall into preventing any connection to the Web. Well, not strictly any connection as I could still ping sites, but that quickly gets tiresome.

That’s a bit like wanting to go shopping, but not being allowed out of the house, so instead you just phone round the shops you wanted to visit to find out if they are open.

Workarounds

ZoneAlarm offer three workarounds:

  1. Uninstall the hotfix (recommended)
  2. Add your DNS servers to the trusted zone in ZoneAlarm (advanced)
  3. Reduce Internet Zone Security level to Medium (not recommended)

Uninstalling KB951748

I wasn’t going to try #3 (although I tested it and it does work); I tried #2 … it didn’t work; so I was left with no option but to uninstall the so-called security fix.

  1. Click the “Start Menu”
  2. Click “Control Panel”, or click “Settings” then “Control Panel”
  3. Click on “Add or Remove Programs”
  4. On the top of the add/remove programs dialog box, you should see a checkbox that says “show updates”. Select this checkbox
  5. Scroll down until you see “Security update for Windows (KB951748)”
  6. Click “Remove” to uninstall the hotfix

Hopefully ZoneAlarm will have a fix soon. I just checked the ZoneAlarm forums and funnily enough it looks quite popular today: “There are currently 132 members online and 22375 guests”.

Still, if you have installed KB951748 — a number that I think I’m now going to see in my sleep tonight; and I’ve been having enough weird dreams this week — and have ZoneAlarm installed, and have rebooted your PC, and you can’t connect to the internet … I do hope you can somehow download this information telepathically.

Such is the irony that the internet contains a whole load of information about how to fix internet connection problems … if only you could connect to it to read that information. There’s a hole in my bucket … !

ZoneAlarm + KB951748 = no connection

Update #2

I meant to update this earlier.  There is now a fix, which you should download from the ZoneAlarm website.

Original post

For those of you that didn’t see this at the other place: Microsoft Update KB951748 and ZoneAlarm woes

In short: ZoneAlarm + Security update for Windows (KB951748) = no internet connection.

Update 1

For those folks who don’t bother clicking through to my other blog post: the advice from ZoneAlarm is to uninstall the KB951748 hotfix until there is a more robust solution from either Microsoft or ZoneAlarm.

Setting your Internet Security level to Medium isn’t advised for long-term use — it opens your PC up to more risks than it’s worth.

Or just uninstall ZoneAlarm and use the Windows XP built-in firewall.