Heads-up: Excessive DNS queries by AVAST 2015

Comments

14 comments

  • john_rogan

    I have about 6000 queries. Perhaps it's Symantec doing the same thing. It was just installed yesterday and now all the queries. Drove me nuts since last night.

  • john_rogan

    on a server with 30 users at that.

  • sulphate

    I know this post is over a month old now, but I first noticed this problem around the same time as OP. However, I have only just discovered for sure that Avast was the cause and was the last place I thought to look. Many hours wasted over this problem.

    I was getting around 5k peak total requests at one point per day and around 1000 unrecognised websites; around 42 of these were pornographic.

    I posted on Avast forums about this a few hours ago https://forum.avast.com/index.php?topic=163825.0

    Wish I'd found this post sooner, would have saved me many hours.

  • mattwilson9090

    I'm not sure why you're posting this here. Is there something that you want OpenDNS to resolve or look into, or are you just commiserating and sharing your experience? It certainly seems that Avast is doing a lot of DNS look-ups, but "a lot" is also relative to the size of your network and what's being done on it.

  • john_rogan

    hi matt,

    it's the same topic, why would it not be posted here?

  • mattwilson9090

    I didn't say it shouldn't be posted, I was asking why you were posting it, and by extension, what you were hoping to accomplish. I wasn't sure if there was something that you wanted OpenDNS to do about it, or some other reason, such as, like I said, commiserating with others who have seen the same thing.

    This is DNS traffic initiated by Avast software, and OpenDNS is performing properly by doing the DNS lookups. Any other DNS system that was logging your lookups would show the same activity in the same amounts.

  • sulphate

    "what you were hoping to accomplish"

    No ulterior motive, other than trying to help any other people out with this problem and save them time by maybe finding this first. As the title was "Heads Up", this seemed acceptable.

    I already exchanged several support tickets with OpenDNS in the early days of seeing this problem before I determined the cause, and wasn't asking for any help from OpenDNS.

    I hope this clarifies my position.

  • mattwilson9090

    I wasn't accusing you of an ulterior motive, or anything else. I just wasn't sure why you were posting what you did since this same topic had already been discussed in this and other threads. I really couldn't tell if you were just providing information that had already been provided, or if you were expecting something to be done. I was just asking for clarification, which I've now gotten.

  • sulphate

    I was only aware of this thread on the matter.

    I'm deeply sorry for disrupting your Community Help browsings/New Year.

    Adios.

  • lucyloo1

    How Avast Anti-Virus Affects OpenDNS Reports

    This is not a recent thread but, this is my experience with the same issue.

    With the help of OpenDNS Support (Daniel), I recently discovered how using computers installed with Avast anti-virus generates a large number of DNS requests in a very short period of time. Many of these requests may be blocked for users that have filtering set as there are, amongst others, a large number of porn sites included. For users relying on the OpenDNS reports to establish if blocked sites are being accessed by users on their network, they may easily jump to the wrong conclusions about what is happening.

    It is the Avast software itself that is sending these requests. It sends requests to the top 1000 most popular sites worldwide, and these requests will show up in the OpenDNS reports. The 'Total Requests' report shows a spike of approx. 2000 requests when a Windows computer with Avast installed on it logs onto the internet for the 1st time on any particular day. I am not quite sure why the total number of requests is double the number that Avast is sending. Apparently, Avast sends these requests to try to establish if the user's router has been compromised and to see if the requests go to the sites that they are supposed to (or are redirected to malware infected websites).

    I don't doubt that Avast believe this functionality is justifiable for security purposes but, it is effectively incompatible with opendns, as it makes it difficult to make use of the reports for checking 'normal requests' by users. I have now uninstalled Avast from my windows laptop and installed an alternative AV package called Avira. I have not yet tested Avira to establish if it is free from this undesirable behaviour but, I will be in the next week or so. I also don't know if other AV software has the same functionality. But, I think it is important that all opendns users who are using the system to filter / manage website access are aware of this and take account of it.
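
An added example, not part of any post in this thread: one way to separate the kind of burst described above (one client resolving hundreds of distinct names within seconds) from ordinary browsing in a DNS query log. The record layout, thresholds, addresses and domain names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

def find_bursts(records, window_s=60, min_unique=500):
    """Return [(client, start, end, peak_unique)] for periods in which one client
    looked up at least min_unique distinct names within window_s seconds.
    records: (epoch_seconds, client, qname) tuples; this layout is an assumption."""
    window = defaultdict(deque)    # client -> (ts, qname) still inside the window
    names = defaultdict(Counter)   # client -> qname -> occurrences in the window
    active, bursts = {}, []        # active: client -> [start, end, peak_unique]
    for ts, client, qname in sorted(records):
        win, seen = window[client], names[client]
        win.append((ts, qname))
        seen[qname] += 1
        while ts - win[0][0] > window_s:       # expire lookups older than the window
            _, old = win.popleft()
            seen[old] -= 1
            if not seen[old]:
                del seen[old]
        if len(seen) >= min_unique:
            burst = active.setdefault(client, [win[0][0], ts, len(seen)])
            burst[1], burst[2] = ts, max(burst[2], len(seen))
        elif client in active:                 # distinct-name rate fell back to normal
            bursts.append((client, *active.pop(client)))
    bursts.extend((client, *b) for client, b in active.items())
    return bursts

def user_queries(records, bursts):
    """Drop each client's lookups made during its own bursts (this also drops any
    real browsing in those seconds), leaving what a usage report should show."""
    return [r for r in records
            if not any(r[1] == c and s <= r[0] <= e for c, s, e, _ in bursts)]

def sample_log():
    """Constructed data: 1000 names requested twice by one client in ~30 s
    (about 2000 requests, as reported in the thread), plus ordinary browsing."""
    log = [(1000.0 + i * 0.03 + rep * 0.001, "192.0.2.10", f"site{i:04d}.example")
           for i in range(1000) for rep in range(2)]
    log += [(5000.0 + 60 * i, "192.0.2.10", f"news{i}.example") for i in range(5)]
    log += [(1000.0 + 120 * i, "192.0.2.11", f"shop{i}.example") for i in range(20)]
    return log

if __name__ == "__main__":
    log = sample_log()
    found = find_bursts(log)
    print(found, len(user_queries(log, found)))
```

The threshold of 500 distinct names per minute is a starting point to tune against a network's own baseline, not a measured value.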

  • 198khz

    Thanks lucyloo!

    As a recent user of OpenDNS, this problem has been driving me nuts for the last week. I shall investigate further and check back with this thread.

  • lucyloo1

    As far as I can tell, Avira AV does not generate DNS requests in the same way as Avast. I have swapped over to using this instead.

  • Chris Frost

    As @lucyloo1 mentioned, Avast is known to make seemingly random DNS requests to top websites for security purposes, which will show up in your DNS stats reporting. To our knowledge Avast is the only AV that does this.

  • 198khz

    Thanks Chris,

    Yep, that certainly correlates with my own results since disabling Avast. Time to give Avira a whirl.

    Anyone know what these supposed 'security purposes' are?
