unknown 8.8.8.8:53 packets

Discussion in 'other software & services' started by biased, Nov 30, 2013.

Thread Status:
Not open for further replies.
  1. biased

    biased Registered Member

    Joined:
    Jul 22, 2013
    Posts:
    34
    Can one help me?

    One laptop on network is to be using 8.8.8.8:53! But I only ever do put in norton dns in router. And only force dhcp (statically mapped dhcp). Also rule for blocking of port 53 other than to norton dns port 53.

    packet no get through, but still blocked and logging.

    Chrome is installed on machine (of I know what machine is culprit). Turn off the thing that may do, like web service and the predicting.

    I only want to know, after much search I cannot find. How can this be? What may use other dns than system defined (which be the norton by router). Not ever know that one programs (chrome is in my eye to look at at top) can use independent?

    Insights?
     
  2. AllThingsGeek

    AllThingsGeek Registered Member

    Joined:
    Nov 28, 2013
    Posts:
    2
    Location:
    United States
    8.8.8.8 is a Google Public DNS server
     
  3. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Here are my thoughts. You have your DNS setting configured in tcpip properties to Google Public DNS. Your ISP is Comcast. Now how do I know or suspect this when you have not mentioned it? Comcast has apparently recently started transparently redirecting DNS in test population areas over port 53 when a user chooses another DNS provider like Google Public DNS. My solution was to encrypt my DNS via dnscrypt to OpenDNS. This really angers me (ha, I remembered to not say it TOS). :p

    Refer to -

    http://community.spiceworks.com/topic/255408-comcast-redirecting-port-53-dns-transparently
     
  4. biased

    biased Registered Member

    Joined:
    Jul 22, 2013
    Posts:
    34
    Yes, 8.8.8.8 is dns, as port 53 does tell. also could be 8.8.4.4, but is not.

    It not comcast. for settings, if coding static ip to 192.168.1.100 with subnetting at 255.255.255.0 that gateway be is of course the router of 192.168.1.1. also can have dns setting at router. router gives dns.

    in router is norton dns. router is pfsense. dhcp server is giving ip to machine, even if machine is static, but if not is served. options to deny unknown client is on, so only those that are in reserved dhcp list are being able to get on. each client therefore has MAC address to know. This does the keeping of unknown peoples out and makes me only allow those machine that are ok by me.

    now as the router is giving out ip (or can static it too) it must be one ip I assign. OK. Know this is good now.

    Machine then use router to get dns, whether static or given dhcp. OK, this is also know to be good. It is so in machine. No funny stuff, is as should be.

    Firewall rules in pfsense state to say for all lan ip, when packet udp or tcp go to port 53, reject if not to norton dns. OK, this is good and works. Packets I see now are to 8.8.8.8:53, but rejected. firewall log show, but not get through.

    so question is, what can cause this? is chrome having option to use google dns somehow? I not see that answer when looking on the internets. Only see for people to know how to use the 8.8.8.8:53, not even to block it or why it shows head to me.

    Not use firewall, but may. This not even use packet sniff yet, so not telling yet, but think it can be chrome. If not else is running but the chrome, what else can be? Mayhaps that I turn off dns service, but that not caching. This scratches my head, what attempt to go around my settings? It not get around, but it my settings, and not do I like that auto-dns program that pays not to my own rules. As say, why do I make rules if not being followed.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Nope, I've never experienced nor seen elsewhere such issues with Chrome. You can confirm by using Chrome on another machine, or using another browser on the affected one.
     
  6. biased

    biased Registered Member

    Joined:
    Jul 22, 2013
    Posts:
    34
    I never saw that too. But system not set using any other than norton dns, I confirmation that.

    Something try to use the 8.8.8.8 for that is sure. Now I go to pain of tracking down :mad: Not a rogue thing, of that I know. Keeping tight ship but this not following rule hehe.

    thanking all.
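
An added example (not code from any poster in this thread): one way to summarize the rejected port-53 packets described above, so each LAN host's attempts to reach a resolver other than the approved one are counted per destination and protocol. It assumes pfSense's raw filterlog CSV layout for IPv4 and that rejected packets are logged with action `block`; the resolver address, interface name, rule numbers and log lines are constructed placeholders.

```python
import csv
import re
from collections import Counter

# Assumption: the resolver(s) the router should forward to. 192.0.2.53 is a
# documentation-range placeholder; substitute the real Norton DNS addresses.
APPROVED_RESOLVERS = {"192.0.2.53"}

# Strips an optional syslog prefix such as "Nov 30 12:00:01 fw filterlog: ".
SYSLOG_PREFIX = re.compile(r"^.*?filterlog(\[\d+\])?: ")

# Constructed sample entries (not from the thread). Assumed IPv4 field order:
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
# offset,flags,proto-id,proto,length,src,dst,sport,dport,datalen[,tcp fields]
SAMPLE_LOG = """\
Nov 30 12:00:01 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,128,4211,0,none,17,udp,60,192.168.1.100,8.8.8.8,51234,53,40
Nov 30 12:00:02 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,128,4212,0,none,17,udp,60,192.168.1.100,8.8.8.8,51235,53,40
7,,,1000000104,em1,match,pass,in,4,0x0,,128,4213,0,none,17,udp,60,192.168.1.100,192.0.2.53,51236,53,40
5,,,1000000103,em1,match,block,in,4,0x0,,64,991,0,DF,6,tcp,60,192.168.1.101,8.8.4.4,40112,53,0,S,1234567,,65535,,mss
9,,,1000000105,em1,match,block,in,4,0x0,,64,992,0,DF,6,tcp,60,192.168.1.101,203.0.113.9,40113,443,0,S,1234568,,65535,,mss
this line is not a filterlog entry
"""


def stray_dns_attempts(log_text, approved=APPROVED_RESOLVERS):
    """Count blocked port-53 packets per (source host, resolver, protocol)."""
    hits = Counter()
    for line in log_text.splitlines():
        payload = SYSLOG_PREFIX.sub("", line.strip())
        row = next(csv.reader([payload]), [])
        # Skip malformed rows and anything that is not IPv4 TCP/UDP
        # (IPv6 entries use a different field order and are ignored here).
        if len(row) < 22 or row[8] != "4" or row[16] not in ("udp", "tcp"):
            continue
        action, proto = row[6], row[16]
        src, dst, dport = row[18], row[19], row[21]
        # Only DNS traffic that the rule stopped and that bypassed the
        # approved resolver is of interest.
        if action == "block" and dport == "53" and dst not in approved:
            hits[(src, dst, proto)] += 1
    return hits


if __name__ == "__main__":
    for (src, dst, proto), n in stray_dns_attempts(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}:53/{proto}  blocked {n}x")
```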
     