OK, I finally got it working. Sort of. I can ping the LAN. I can ping the internet. I can even get to web sites if I know the IP. But when I ping an internet domain from a client with no IP (even something as simple as yahoo.com) it goes "Huh!" as only computers can do, and sits doing nothing.

Any ideas what I have to do to get ZA (and please, no more stories about what a fool I am to use ZA--those are not helpful at this point) to allow DNS? Or diagnostics I can run to figure out where the problem is?

[Update a few minutes later]

OK, I still don't know why it's not doing DNS properly, but I fixed it by assigning some DNS servers manually to the client (Earthlink's). It seems to work now, but it also seems like a kludge.

Rand, this may be related to a problem I had when I bought a new ethernet ADSL modem a few months ago and a router. I had a heck of a time getting the modem to connect to the net yet everything checked out as you describe. I tried just about everything on all the modem setup menus over a couple of weeks before calling the modem manufacturer.

Fixed by going to (thanks to Netcomm tech support)
Windows start button then run and typing winipcfg then enter.

You get a little box with "release" and "renew" buttons.

Did this and everything worked AOK

I have NO idea what this actually does but maybe this could help you FWIW.

Mr. Borgelt;

Those actions release the DHCP address assigned to the machine and then get a new one, which will usually be the same one. However, when the new address comes in it can be set to have other information attached, such as the address of DNS servers.

Mr. Simberg;

Isn't a kludge good enough? Wasn't your original premise that you just wanted something that would work for a while and not cost additional money?

from an earlier thread:

"DNS will be another issue -- hopefully the gateway machine will proxy, otherwise your inside machine(s) won't have the DHCP-provided ISP DNS address."

How about setting up the client with a fixed IP address of the gateway machine (same address as the gateway 192.168.0.1). This will work IF the gateway machine (or ZoneAlarm) provides a DNS proxy. Still a bit of a kludge (you'd rather have all the inside machines DHCPing to the gateway without having to think about it, but if that worked we wouldn't be reading all this), but less of one.

for diagnostics for DNS on Windows, try nslookup (and then "help"). More tool to hack with than diagnostic, but it will let you play with settings.

To do a ip release from a Win2k/XP client go to

Start
Run
Type cmd
at the command prompt type ipconfig -rel
then type ipconfig -ren

To verify verbose IP configuration settings bound to your LAN ethernet adapter just type ipconfig -all

Yes turning off DHCP, enabling static IP addresses on all your clients, specifying your internet gateway address, specifying your service providers DNS servers addresses, and just for the fun of it enabling NETBIOS over TCP can increase the reliability of your connection to the IP internet. Microsoft generally poopoo's UDP connections as being highly unreliable and typically is used to transfer small randomly arranged packets of data. The big trade off is that one type of connection obviously requires more user intervention and maintenance than the other.

Also keep in mind that in this day and age of DoS attacks a lot of service providers don't allow ICMP communications to occur between hosts (ping tool). For example if I try to ping cnn.com through my provider SBC then I don't even get a destination host unreachable report I just get a nice ping request can't find host error.

Manually entered DNS server IP's are the ongoing kludge at our house, as our ISP's dns servers (cox.net) are not reliable, and I've been too lazy to setup my own internal one.

There are some fast, publicly open DNS servers that one can use rather than run their own. 198.59.109.7 (run by cybertrails.com) is a deliberately open dns server for public clients, and I've found it to always be very fast.

Back in the bad old days almost all dns server would answer queries for clients and any domains they host, but in the nasty modern world it's not so more and more of the time. ISP's will have one set of servers to handle queries for domains they host, and another for clients on their network to use (non-recursive lookups in the first case, recursive ones in the second for those who care).

But again, 198.59.109.7 is the fastest and most reliable public recursive dns server I've found in the last 2 years of un-reliable ISP client dns.

Well it looks like the DNS bug is starting to bite me now. All of sudden last Tuesday I was getting 700ms+ pings on Counter-Strike. I've touched just about everything configuration wise and page are just taking forever to load. Thanks for the public IP address David Mercer, I've been looking for a while now and couldn't find one but suddenly remembered this conversation and boom there it is.