DNS Servers Keep Changing Away from OpenDNS Automatically

13 comments

  • magdiel1975

    So then, anyone that uses my internet at home and they have Avast secure DNS setting enabled, they can surf the net as free as a bird and there's nothing OpenDNS can do about it?

    I still don't understand how a piece of software can bypass a static DNS setting at the router level.

  • rotblitz

    "there's nothing OpenDNS can do about it?"

    No, not OpenDNS, because it is your network, but you can.

    Block port 53 passthrough on the router and allow only the router's IP address as DNS server address, or redirect all DNS queries from the router to OpenDNS.
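
The two router-side options rotblitz names, sketched as an added example that is not part of the original thread: a generator for iptables rules that either redirects all LAN DNS queries to the router or drops port-53 passthrough, plus a check that the rules are loaded. The interface `br0` comes from this thread; the router address `192.168.1.1` and both function names are assumptions. It only covers plain DNS on port 53, not the encrypted Avast channel described elsewhere in the thread.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that pin LAN clients to the
# router's DNS. Assumptions: LAN bridge br0 (as in the thread), router LAN IP
# 192.168.1.1, and a router resolver that forwards upstream to OpenDNS.

# usage: dns_lockdown_rules <lan_if> <router_ip> <redirect|block>
dns_lockdown_rules() {
    lan_if="$1"; router_ip="$2"; mode="$3"
    # Output is meant to be piped to sh, so reject anything that is not a
    # plain interface name or dotted address.
    case "$lan_if" in *[!A-Za-z0-9._-]*|"")
        echo "invalid interface: $lan_if" >&2; return 1 ;;
    esac
    case "$router_ip" in *[!0-9.]*|"")
        echo "invalid router IP: $router_ip" >&2; return 1 ;;
    esac
    for proto in udp tcp; do            # DNS uses both UDP and TCP port 53
        case "$mode" in
            redirect)
                # Queries aimed at any other resolver are rewritten to the router.
                echo "iptables -t nat -I PREROUTING -i $lan_if ! -d $router_ip -p $proto --dport 53 -j DNAT --to-destination $router_ip:53" ;;
            block)
                # FORWARD only sees traffic passing through the router, so
                # queries to the router itself (INPUT chain) still work.
                echo "iptables -I FORWARD -i $lan_if -p $proto --dport 53 -j DROP" ;;
            *)
                echo "mode must be redirect or block" >&2; return 1 ;;
        esac
    done
}

# Audit helper: reads `iptables-save` output on stdin and succeeds only if a
# port-53 DNAT or DROP rule exists for the LAN interface on both protocols.
dns_lockdown_present() {
    lan_if="$1"
    dump=$(cat)
    for proto in udp tcp; do
        printf '%s\n' "$dump" |
            grep -Eq -e "-i $lan_if .*-p $proto .*--dport 53 .*-j (DNAT|DROP)" || return 1
    done
}
```

Review the printed rules first, then apply them from the router's firewall script with `dns_lockdown_rules br0 192.168.1.1 redirect | sh` and confirm with `iptables-save | dns_lockdown_present br0`.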

  • mattwilson9090

    @magdiel1975 If you are the person who has asked this in several other threads it has been explained to you several times in several ways by more than one person. In the case of Avast it is locally installed software that bypasses standard DNS by making a direct and encrypted link to their servers. If you are concerned about people coming onto your network and doing things you don't want them to do, then don't let them on your network in the first place.

    If you choose to let them on your network anyway then you need to follow standard security practices and lock down what you can. Besides, even if OpenDNS or any other DNS service could block this specific thing, all they need to do is use a VPN connection and they can bypass pretty much any filtering or security that you have in place.

  • pastelaso29

    @rotblitz..

    blocking port 53 does not work either if the user has avast dns server enabled, it somehow bypasses all the configurations at the router level :(

    @magdiel1975

    I understand your concern 100%

  • pastelaso29

    @magdiel1975

    if you have the capability of adding firewall scripts in your router, you can use

    iptables -I FORWARD -i br0 -o vland2 -j DROP

    to block VPN leaks, but as mentioned before, if the user has avast dns enabled, it will bypass the router firewall iptable settings, so obviously this won't work in that case.

  • magdiel1975

    thank you pastelaso..

    you are correct.. with the iptables code in my router, I cannot connect to my work vpn, but with another computer I have with avast dns enabled, I could.

  • magdiel1975

    wanted to point out that the script has a typo.. 

    "iptables -I FORWARD -i br0 -o vland2 -j DROP"

    it's supposed to be  "iptables -I FORWARD -i br0 -o vlan2 -j DROP"

  • pastelaso29

    ooops.. 

    Good catch..my apologies :)

  • rotblitz

    @pastelaso29
    "blocking port 53 does not work either if the user has avast dns server enabled"

    Yes, but this was not about "AVAST! Secure DNS".  For Avast you'll want to refer to this thread:
    https://support.opendns.com/entries/57943894

  • magdiel1975

    @rotblitz

    I see that magdiel1975 has already posted his question on that other thread..but that other thread only shows how to disable the avast feature, which I don't believe it resolves his issue.

    @magdiel1975

    I don't think there is anything you can do about blocking Avast DNS or any other DNS on your network, since you have stated that blocking port 53 has no effect on Avast DNS.. good luck with that mate

  • magdiel1975

    @rotblitz

    I have already posted my question on that other thread..but that other thread only shows how to disable the avast feature, which I don't believe it resolves my issue.

  • rotblitz

    "I don't believe it resolves my issue."

    Sorry, but then I didn't understand what your issue was.

    No matter, this thread here is about "DNS Servers Configuration Keep Changing Away from OpenDNS Automatically" and is from a year ago, listing an (outdated) version of a DNSCrypt preview, Comcast's Constant Guard, the privateinternetaccess VPN service, and apparently later updated with AVAST! Internet Security 2015, which is also handled in the other thread I linked to above. It is to provide instructions about preventing these softwares from changing the computer's DNS server settings, not more and not less.

    Therefore one of these items would be your issue, else you would not have posted in this thread but opened a new one.

    Ah wait, is this your issue?

    "So then, anyone that uses my internet at home and they have Avast secure DNS setting enabled, they can surf the net as free as a bird and there's nothing OpenDNS can do about it?"

    Although this is off-topic in this thread, the answer to this is: yes, and yes, i.e. yes to all, except for the "can surf the net as free as a bird".  Your router may have other restriction methods beside DNS, so use these.  Examples would include MAC address authentication and port and IP address filtering, maybe keyword filtering.

    "I still don't understand how a piece of software can bypass a static DNS setting at the router level."

    This is because this (and other pieces of) software do not use the router's DNS settings but their own DNS settings. Therefore they seem to "bypass" your router settings. But no, this is not bypassing, but just not using (i.e. ignoring) them. It is not only normal home consumer routers that are often not fool-proof enough to prevent this from being done.

    And also, people even pay for this piece of AVAST! software, so they can expect that it really does what it is supposed to do, else it would be a bad product if the Secure DNS function wouldn't reliably work.  People would correctly complain with the supplier then and would demand their money back.  This is not the risk a company with good reputation should take.

  • cuvtixo (Edited)

    I believe magdiel1975 fundamentally misunderstands how DNS and the Avast software work. Just because someone has the software or the DNS numbers doesn't mean they automatically have access to the network. For one thing, there should be a password on the computer to log onto the computer, for example. Then the wifi network should have its own password. No passwords, no access. rotblitz tries to explain the other safeguards on the network. I'm sure magdiel1975 doesn't understand how silly her question sounds: IF I HAVE A KEY AND A LOCK DOES THAT MEAN ANYONE WITH THE KEY CAN OPEN THE LOCK?? AS FREE AS A BIRD? Yes magdiel, if you give someone a key, they can open the lock the key belongs to. I don't want to get too technical in describing how this works, let's just say it's magic.
