Author Topic: Avast SecureDNS is leaking.  (Read 2093 times)

0 Members and 1 Guest are viewing this topic.

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 63
Avast SecureDNS is leaking.
« on: May 08, 2022, 10:55:23 PM »
Hi.

I'm using Avast Premium Security and I do believe Avast Secure DNS is leaking.
I do check my DNS regularly at https://safer.com to make sure it is safe.
Normally it is fine it is shown either Avast or my ISP DNS server.

However for the past week, every day safer.com report that my connection is going through a different DNS server.

So far this is the ones that regularly come up:

M247 Ltd in Ireland
UK2.NET in USA
Leaseweb in USA

All 3 is a cloud service provider so I can imagine Avast using them but it is also possible Avast SecureDNS is leaking. Figured I report it if that was the case.

Sometimes it is go back to normal and show me Avast or my ISP but most of the time one of the above comes up.
I have checked and my DNS settings are normal.
Have also tried this link and SecureDNS seems to be working, it is report that I am protected:
http://securedns.ff.avast.com

All web browsers are affected
Safari 15.4
Chrome 101.0.4951.54
Firefox 99.0.1

macOS 12.3.1
Avast Premium Security 15.2 (9b04f639280d)

Other devices running Avast Premium Security and Windows, Android, iOS and connected to the same hub are not affected, so this is local to my Mac.

Thank you.

Offline ondrej.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 351
Re: Avast SecureDNS is leaking.
« Reply #1 on: May 09, 2022, 03:04:30 PM »
Hello,
if you are talking about Real Site shield in Avast Premium Security, Avast does not change the destination DNS server in any way; it just double checks that the content the original DNS server returns is not maliciously altered.
Kind regards,
Ondrej Kolacek

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 63
Re: Avast SecureDNS is leaking.
« Reply #2 on: May 09, 2022, 11:14:47 PM »
Hi.

Thank you for the reply. Not sure what feature I am talking about to be honest.
It is weird that you say Avast does not change the DNS server in any way because usually safer.com report that I am using a DNS server by Avast.
Can't remember the exact IP right now, I believe it is beginning with a 5. that's all I can remember. Currently safer.com report that I am using a DNS server by M247 Ltd which is unusual. Normally it is report that I am using a DNS server by either Avast or my ISP.

In case it is uncertain what am I talking about and Avast is not supposed to change the DNS, I'll report back with the exact IP when safer.com report that I am using a DNS by Avast.

Thank you.

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 63
Re: Avast SecureDNS is leaking.
« Reply #3 on: May 10, 2022, 11:11:38 PM »
So, as I have promised I am back with the information regarding the Avast DNS servers.

Currently safer.com report that I am using a DNS server by Avast Software s.r.o in Miami, Florida, USA
DNS IP: 77.234.42.21

Screenshot:



If I am not supposed to be using an Avast DNS server then I have no idea what is happening. Sorry.
This is what safer.com report usually but for the past couple weeks I begin to see the above mentioned unknown DNS servers by M247 Ltd, UK2.NET and Leaseweb.

I would appreciate any advice.

Thank you.
« Last Edit: May 10, 2022, 11:19:36 PM by ddabrahim »

Offline krahulik

  • Avast team
  • Sr. Member
  • *
  • Posts: 284
Re: Avast SecureDNS is leaking.
« Reply #4 on: May 16, 2022, 09:34:58 AM »
Hi,
do you use Avast SecureLine VPN service? When you are connected to the VPN, the system uses the DNS configured during a VPN session establishment and the DNS requests are routed through the VPN tunnel.

Best Regards,
Martin

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 63
Re: Avast SecureDNS is leaking.
« Reply #5 on: May 18, 2022, 07:55:19 AM »
Hi.

No I don't use SecureLine VPN but Avast Premium has setup a VPN and network configuration on my system:





It tells me to use Avast to change configuration but I can't find such configuration in the Mac version of Avast.

Thank you.


Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 63
Re: Avast SecureDNS is leaking.
« Reply #6 on: June 04, 2022, 10:04:14 AM »

Hi everyone.

So could someone please explain what is happening?
If I am not supposed to be using an Avast DNS server, how come safer.com report that I do use a DNS server by Avast?

Also could someone please tell me what is SecureDNS then? The above website report that I am protected by SecureDNS or SecureLine VPN. I don't have SecureLine VPN so I figured it must be SecureDNS and since safer.com report that usually I am using Avast DNS I was thinking SecureDNS is DNS servers provided by Avast which is leaking now.

The DNS leak is definitely related to Avast Premium somehow but I have no idea how. It is not my router and not my ISP because other devices on my network are not effected.
My network settings on my Mac are normal using System default which is using DHCP and my router local IP. And again other devices on my network are not effected so I would not believe it is my router.

I would appreciate any ideas, help to debug this mystery around the Avast DNS and the DNS leak.
Thank you.




Offline bednar

  • Avast team
  • Newbie
  • *
  • Posts: 3
Re: Avast SecureDNS is leaking.
« Reply #7 on: June 09, 2022, 02:11:33 PM »
Hi,

SecureDNS is to secure your DNS from being hijacked.
Imagine a rogue DNS server intercepting your requests, and you connect to your internet banking. You get redirected to a fake bank landing page. From there its up to you to spot a difference. SecureDNS prevents the first step.

We do this by re-sending all requests to our secure DNS servers, and then checking the responses. If the original response is OK, that one might get used.
So it is normal that you see Avast as the DNS server, and sometimes not.

The configuration system preferences refer you to are the shield status toggles in the Avast UI.

If DNS leaks are your concern, a VPN is the tool you need.

Offline ddabrahim

  • Jr. Member
  • **
  • Posts: 63
Re: Avast SecureDNS is leaking.
« Reply #8 on: June 12, 2022, 09:17:14 PM »
Hi bednar.

Thank you for the clarification. Appreciate it.
As long I am protected by SecureDNS I am not so concerned but I didn't have any problems with DNS leak until now. Strange.