OpenDNS won't block nos._tcp.nos-avg.cz

Comments

2 comments

  • Avatar
    mattwilson9090

    Blacklisting a domain will block DNS lookups to that domain, and effectively prevent internet traffic from going that domain, but it does nothing to prevent whatever is initiating the requests in the first place.

    Why did you blacklist the domain in the first place?

    It appears that nos-avg.cg is a domain associated with updates for the family of AVG security products. It could also be used for other backend communications depending what particular AVG components are installed. Without knowing anything about your network, including how many computers there are, or what kind of software they are running, I can only speculate that one or more computers are now failing all of their software updates for their AVG software. Given how this type of software operates I'd guess that the rate of lookups for that domain may have actually increased as the software keeps trying to make a connection and do what it's supposed to do.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    "I blacklisted these domains but that hasn't stopped anything."

    Not sure what you're actually looking for.  Did you think the DNS queries will be stopped if you blocked a domain?  Far not!

    Queries for these domain names are definitely blocked, as can be seen from "You blacklisted this domain".  I.e. the networking application(s) in your network raising these queries will not be able to resolve these domain names but are provided with an OpenDNS IP address instead of the real result.

    "Why are they making all these requests?"

    The fact that you blocked the domains may even cause to significantly increase the number of attempted queries, because the application doesn't get a satisfying response anymore and may therefore retry again and again.

    And I'm not sure why you have blocked these domains at all.  The zone nos-avg.cz is registered for AVG Netherlands BV:
    AVG Netherlands B.V. is a software publisher located in Amsterdam, North Holland in Netherlands*. AVG Technologies provides a family of anti-virus and Internet security software and features most of the common functions available in modern anti-virus and Internet security programs.

    See what's behind these domains (only if you didn't block them any longer):
        nslookup -type=any nos-avg.cz.
        nslookup -type=any _nos._tcp.nos-avg.cz.
        nslookup -type=any config.nos-avg.cz.

    After all it seems you have successfully blocked your AVG Antivirus program from orderly working, thereby introducing unforeseeable security risks.  I would strongly recommend to not block those domains.

    If you don't like to see the DNS queries to nos-avg.cz domains in your stats, you had to uninstall your AVG Antivirus program and to install a different one.

    0
    Comment actions Permalink

Please sign in to leave a comment.