DNS Updater Shows wrong IP... sometimes.
DNS Updater shows alternating for minute(s) IPs, my correct IP and 92.242.140.2 switching This IP only shows up in the DNS Updater. I checked and my IP isn't NATd or proxy from my ISP.
The Updater log shows just my correct IP... so what's that other one? My ISP (Cox) have said they do not recognize it. Any ideas, and why would the updater see any other IP address anyway?
TIA!
Dave
-
I'm not quite following what you are describing. Could you provide a screenshot of what it is that you're seeing? Because many of the people on here blacklist file sharing sites please attach the screenshoot with the "Attach File" link just below this text entry box.
Are you having any problems with OpenDNS working for you? Is it possible that the computer that is running the Updater is also using some sort of VPN, tunneling, or perhaps even proxy service?
-
Also, there could be a mismatch between your DNS IP address and your web IP address:
Your DNS IP address: nslookup myip.opendns.com. 208.67.220.220
Your web IP address: http://myip.dnsomatic.com/ -
Hello Dave,
It looks like the IP 92.242.140.2 belongs to "Barefruit Ltd". This thread on BT's forums seems to indicate that there's some sort of "self-help" software that BT runs to point to this IP. Could you take a look to see if you have anything like this installed on your computer?
-
When I run DNS Updater it reports the wrong IP. It will stay like that for minutes, even with me clicking the update Now button. After a few minutes it will automatically update with the correct IP. Again, a few minutes later, the IP will change to the wrong IP. This cycle repeats.
- With the wrong IP displayed, my router and IP lookups (including myip.dnsomatic.com above) all report my correct IP.
- Info: Cox ISP, SB6120, and EA6300v1 (latest FW that uses the the routers IP as the DNS IP to clients)
From working the issue some more I see this is likely related to my Linksys EA6300v1 router. I see the same issue on all the Win10, Win7, various hardware platforms, wired and wireless connections I've tested this. Other routers I've tried, I see the IP detected by the updater behave normally.
This weird behaviors may be academic as OpenDNS functionality isn't affected... but that wacky IP is troubling.
WrongIP.jpg
RightIP.jpg
WrongIP_2.jpg
History.jpg -
rotblitz...
C:\Users\User>nslookup -type=txt debug.opendns.com
Server: Zaphod
Address: 192.168.1.1Non-authoritative answer:
debug.opendns.com text ="server 5.ash"
debug.opendns.com text ="flags 20 0 72 1B50800000000000000"
debug.opendns.com text ="originid 22708909"
debug.opendns.com text ="actype 2"
debug.opendns.com text ="bundle 6289553"
debug.opendns.com text ="source 72.192.203.210:51575"
-
Okay, I've worked with support from my ISP, my router manufacturer, and advice from other net-heads and I have a couple questions to help pin this down...
Using CLI "nslookup", and "nslookup myip.opendns.com" I get responses for my correct public IP while the OpenDNS Updater program is showing the wrong IP of Barefruit service/server. Any ideas how or why?
FWIW - My ISP is (Cox) is using Barefruit for catching NXDOMAIN hijacking... and I do get their hijacked response... even with OpenDNS set in router in and clients.
-
Thanks Rotblitz... that makes sense to me, but can you expand or have any ideas how OpenDNS usage could be random, not permenently set, being dropped, or overriden? OpenDNS is the DNS setting in the router, never changing, being used by clients, OpenDNS filtering is working but also NXs are hijacked, and the Barefruit IP being detected as my public IP by the OpenDNS Updater. -
I had the same symptoms that dlarkin_dc was reporting -- mostly. The difference between he and I was the output from the NSLOOKUP. Mine came back very different from his. His was normal, mine menioned my EMPLOYERS domain.
It turns out that my problem was due to prior configurations required to access my employer network from my home PC (This PC). Those configurations are what was causing OpenDSN Updater v2.2.1 to "sometimes" get the wrong IP -- just like dlarkin_dc reported.
Now I'm pretty sure that my solution won't suit him, but someone else reading this post MAY have the same problem I had. Others may be like dlarkin_dc. I wish them all luck in resolving it.
What *I* did to fix this was:
> go to Network and Sharing Center (Win8)
> Change Adapter Settings
> view my "wifi" adapter Properties
> view my "IPv4" Properties
> view my "Advanced" IPv4 Properties
> view the "DNS" tab
> REMOVE my employer DNS suffixes from "Append these DNS suffixes (in order)"
> ADD two OpenDNS addresses (nameservers) to "DNS server addresses, in order of use:"
> > I added 208.67.222.222 and 208.67.220.220Good luck to you all
adv_dns_ipv4.PNG -
Hi Brian,
I'm glad to hear that, a.) I'm not the only person seeing DNS hijacking interfering with the OpenDNS, and b.) that you already have a handle on things!
FYI - My final fix for the initial problems was to created a dedicated subnet for OpenDNS client devices with OpenDNS set up on router and clients, and use the DNS Updater running in the background.
-
@dlarkin_dc
Sorry, just seeing that I missed to respond back to you in September..."can you expand or have any ideas how OpenDNS usage could be random, not permenently set, being dropped, or overriden?"
Well, any traffic, also your DNS traffic, goes through the equipment and network of your ISP. They can do with it what they want, no matter what you configured. In your case I could imagine that they investigate the response packets coming back from OpenDNS, and if they detect an NXDOMAIN result, they may change the response packet content to hi-jack your browser to an advertising provider (Barefruit) where the ISP (Cox) has sold their NXDOMAINs to. Different constructs are possible, but hard to see unless someone measures what's going on.
If you don't want them doing this, you could go for https://dnscrypt.info/ - this would most likely prevent them from interfering with your DNS traffic.
Please sign in to leave a comment.
Comments
19 comments