Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't open any websites (DNS redirection with Malwarebytes) #53

Closed
TeroBlaZe opened this Issue Dec 28, 2017 · 11 comments

Comments

Projects
None yet
2 participants
@TeroBlaZe
Copy link

TeroBlaZe commented Dec 28, 2017

The Issue has become right after installing Malwarebyes anti-virus.
Any scripts with dnsredir cause to this issue. Can do ping but can't get domain name.

Workaround: Got new DNS IP and PORT form https://servers.opennic.org/ to replace 77.88.8.8
Solution: ???

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Dec 28, 2017

So you installed anti-virus and could no longer use dnsredir? Does this anti-virus have firewall function? Please check if it blocks port 1253 or IP address 77.88.8.8. Or better install Wireshark, run it with "port 1253" filter and see what's going on.

@TeroBlaZe

This comment has been minimized.

Copy link
Author

TeroBlaZe commented Dec 28, 2017

@ValdikSS no. I can no longer use dnsredir with 77.88.8.8, but --dns-addr 185.121.177.177 --dns-port 1053 is ok for some reason. Yes there is firewall but I don't believe it blocks some ports by default

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Jan 4, 2018

Can you make traffic dump with Wireshark to port 1253?

@TeroBlaZe

This comment has been minimized.

Copy link
Author

TeroBlaZe commented Jan 13, 2018

@ValdikSS I've made a traffic dump for you

Another strange thing I've noticed even with no Malwarebytes installed that execution of 'apk update' fails due to DNS Lookup error in Docker Alpine container with port 1053 and 185.121.177.177 but in host system it works.
I've find out that in Docker the issue was with the port 1053 but port 53 or default "3_all_dnsredir_hardcore" works fine, so I don't see a much problem but here's a dump.

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Jan 20, 2018

Please add --dns-verb to the command line and run it again.

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Jan 20, 2018

I can confirm the issue with Malwarebytes. Will investigate.

@ValdikSS ValdikSS added the bug label Jan 20, 2018

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Jan 20, 2018

Sorry, I don't know why this happens. Malwarebytes intercepts DNS queries and re-injects DNS replies, but the application which performed DNS query can't receive them. Current GoodbyeDPI version drops incoming DNS retransmissions, but changing it to handle retransmissions and pass them to the application doesn't fix the issue.
What confuses me the most is that Malwarebytes handles DNS queries on port 1253, but not on 1053 (these are very unusual ports for DNS).

I don't know how can I workaround this issue in GoodbyeDPI. I tried to increase filter priority and to exclude local addresses, and it still doesn't work with Malwarebytes.

I'll write to Malwarebytes tech support and we'll see how it goes.

@ValdikSS ValdikSS changed the title Can't open any websites (DNS issue) Can't open any websites (DNS redirection with Malwarebytes) Feb 12, 2018

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Feb 12, 2018

Malwarebytes asked me for a debug log several days ago. I've sent it.

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Mar 25, 2018

No updates yet. Asked for status once more.

@ValdikSS ValdikSS added not our bug and removed bug labels Mar 25, 2018

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Jun 26, 2018

Jun 26, 08:49 PDT

Our Developers are still working on this and hope to have this resolved in the next update which is tentatively scheduled for next week.

As soon as that update is ready, I'll reach out to you and let you know.

@ValdikSS ValdikSS closed this in c4d0ba1 Jul 24, 2018

@ValdikSS

This comment has been minimized.

Copy link
Owner

ValdikSS commented Jul 24, 2018

Please try GoodbyeDPI v0.1.5rc3
https://github.com/ValdikSS/GoodbyeDPI/releases/tag/0.1.5rc3

Should be fixed in this version. Please reopen this ticket if issue is still present in this version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.