Avast Secure DNS directs queries to Softlayer Technologies server

Hello, this is my first post here…
I am currently running Avast Internet Security 2016 (ver. 11.1.2245) in trial mode for evaluation.
With Secure DNS enabled and connected to my OpenVPN Access Server, when I perform the DNS Leak Test (https://www.dnsleaktest.com/) one of the servers that shows up is:

158.85.77.188 bc.4d.559e.ip4.static.sl-reverse.com SoftLayer Technologies Canada

Actually, this server is the only one that shows up if I am not connected to my vpn.

Is this a legitimate server used by Avast for DNS, or have I been hijacked?

Interestingly, if I am connected to my vpn and have Avast Secure DNS disabled, then all of my queries are sent to servers at Amazon EC2, as expected.

I hope someone can shed some light on this, as I am a little concerned. I will probably leave Secure DNS disabled until I hear back. Thanks.

I have a DNS issue after I installed Avast Internet Security and upgraded to Windows 10 in December 2015. After 4 days of googling around, I suspected the issue was caused by Windows 10. I have a connection timed out issue with one internal website. My nslookup for that website always returns a Non-authoritative answer with its outside address assigned by our ISP. Finally, I found the DNS Leak Test tool and found out that my nslookups were sent to my primary DNS server and the Avast SecureDNS site. The Non-authoritative answer was from the Avast Secure DNS server. My connection timed out issue was resolved when I disabled Avast Secure DNS. Hello Avast, would you please fix this?

Tuan

Well now, this is an interesting development. :slight_smile:

I first noticed an “encrypted” tag name on servers in Switzerland registered to Credit Suisse. Namely 169.54.85.39, and also .45.

Then the same sort of encrypted tag names appear now on this server you bring up, which, depending upon who you believe, comes from Durham, NC, or Canada and is registered in Canada to IBM. 152.85.77.188

Before I blocked the one you mentioned (Canada) it downloaded over 1 MB from my machine in New Hampshire.

I have taken two precautions. I blocked a range in both Switzerland and in Canada that includes the first two blocks of the quatrains involved to be sure I catch all associated servers since they often daisy chain until they find a point of entry.

I am also in process of blocking all of Switzerland and all of Canada since I have no personal business in either country.

I heartily recommend the program here if you do serious research in these matters: http://www.beethink.com/

Warm Regards, Captain Risu

Post Script: After posting, another server showed up displaying the same pattern. I blocked the range of 70.32.0.0-70.32.255.255 to eliminate any further contacts from “NOBIS”, “Ubiquity” in Phoenix AZ, which is, I would guess, a research arm on contract to someone handling computers “of interest”, although it is a mystery why anyone would be interested in our home computer. Just us chickens around here! :slight_smile:

Post Post Script: MYSTERY SOLVED, I THINK
Got a probe from AVAST using this IP 158.85.77.188, and so I suppose AVAST is in business with the others at NC, Canada, and in Arizona, and this is all part of our security program. I do not like, nor will I accept, IPs that use “encrypted tags”. Thank you AVAST, however, for your very excellent work! Let’s keep it visual for those who can see anyway. :-*

On the other hand! I think I might accept encrypted tags. Oh well, you know “for every spell there is a counter spell if you want to spend the time”.

But why fight when you are all on the same team, yes?

Hi, I don’t know if I really understand all the topics here, but SecureDNS and SecureLine VPN services are hosted all over the world in various data centers. From the data I have at my PC I can see that SecureDNS is currently hosted on 55 servers (at this point using ports 443 or 53 on both TCP and UDP). From the list I can see these IPs in the same IP range:

```
Name: yto80-003.ff.avast.com
Address: 158.85.77.182

Name: yto80-004.ff.avast.com
Address: 158.85.77.190
```

My understanding is that the IP 158.85.77.188 is also part of our service infrastructure, even though it is now used by SecureDNS at this moment (the list is dynamic) and can be used again in the future. Not sure about the “encrypted” tag, but SecureDNS uses the DNSCrypt protocol for encrypting the DNS between Avast Client and Avast Servers.

For the other range, 169.54.85.39/.45 – I don’t see the server in the list (again, at this very moment), but close enough I can see the following servers:

```
Name: ymq80-005.ff.avast.com
Address: 169.54.84.53

Name: ymq80-007.ff.avast.com
Address: 169.54.84.39
```

Lukas.
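
An added example, not part of any post in this thread and not Avast's tooling: it parses the Name/Address listing from the reply above and reports how many leading bits each resolver address mentioned in the thread shares with the nearest listed server. A long shared prefix only shows that the address sits in the same provider allocation; it does not show who operates it. The function names are hypothetical.

```python
import ipaddress
import re

# Name/Address pairs copied from the listing posted in the thread.
KNOWN_SERVERS = """\
Name: yto80-003.ff.avast.com
Address: 158.85.77.182
Name: yto80-004.ff.avast.com
Address: 158.85.77.190
Name: ymq80-005.ff.avast.com
Address: 169.54.84.53
Name: ymq80-007.ff.avast.com
Address: 169.54.84.39
"""

PAIR = re.compile(r"Name:\s*(\S+)\s+Address:\s*(\S+)")


def parse_listing(text):
    """Return {IPv4Address: hostname} from nslookup-style Name:/Address: pairs."""
    return {ipaddress.IPv4Address(ip): name for name, ip in PAIR.findall(text)}


def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses share (0..32)."""
    return 32 - (int(a) ^ int(b)).bit_length()


def nearest_known(observed, known):
    """Closest listed server by shared prefix: (hostname, prefix_len, network)."""
    obs = ipaddress.IPv4Address(observed)
    # Ties are broken towards the numerically lowest listed address.
    ip, name = max(known.items(),
                   key=lambda kv: (common_prefix_len(obs, kv[0]), -int(kv[0])))
    bits = common_prefix_len(obs, ip)
    return name, bits, ipaddress.ip_network(f"{obs}/{bits}", strict=False)


if __name__ == "__main__":
    known = parse_listing(KNOWN_SERVERS)
    # Addresses quoted in the posts; 70.32.0.0 is the start of the blocked range.
    for seen in ("158.85.77.188", "169.54.85.39", "169.54.85.45", "70.32.0.0"):
        name, bits, net = nearest_known(seen, known)
        print(f"{seen:15} nearest={name:24} shared prefix=/{bits} ({net})")
```

To go further than adjacency, resolve the listed hostnames yourself and compare the answers with the resolver address the leak test reports.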