Author Topic: Avast SecureDNS Fails to Recognize Local DNS Servers  (Read 2795 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast SecureDNS Fails to Recognize Local DNS Servers
« on: December 17, 2014, 03:21:09 PM »
Howdy,

Company I work for has a ton of internal DNS Servers for Intranet. Recently, My computer has been acting very strange, where all my DNS requests have been failing, redirecting to an IP of 205.178.189.131, instead of resolving to the Correct DNS settings. This has been going on for a few weeks, And I've been wondering if somehow my computer got infected. But how can it? Avast is installed, and I'm very careful about what I connect to, and what I open. I ran everything from TDSKiller, to Malwarebytes to make sure it wasn't something I missed. All came back clean like it should have.

Well if it isn't a virus or rootkit... then It's got to be an application I installed that is doing this.

I started uninstalling all the software that was installed on my computer since this started happening. I did this by sorting all the applications in my Programs and Features Window by date. At the date of when this started occurring, I noticed "Avast Pro AntiVirus" had been "installed" or in this case, updated.

Going through the loaded modules on my avast, I noticed a "Secure DNS". I did some research, and all I can say is... Wow. First the HTTPs web Traffic Interception, and now DNS Hijacking. This is a first for an Antivirus, for me at least.

I'm going to be honest, I can understand why my HTTPS traffic is intercepted by Avast, so it can virus scan it before the browser even sees it. I can see why DNS Traffic is intercepted, so that DNS entries aren't "Poisoned". But from my perspective, avast is acting more, and more like malware every day.

I Digress.

The main issue I'm facing now, And I think should be fixed, is Avast is failing to recognize Internal DNS servers, and redirecting all traffic that doesn't have a public DNS record, to the IP Address 205.178.189.131. From what I can tell, this is a honeypot or something that is run by some company.

 The Simple solution for me is to turn off the Secure DNS. But... If I ever wanted to use Secure DNS in the future? Yeah, Not going to happen if Avast keeps redirecting DNS entries that Avast's DNS servers can't resolve to that address.