DNS server settings changed


#1

Shouldn’t that kind of alert provide more information? Currently is kinda useless, isn’t it?
They previous and new IP address/list of addresses would be nice.


DNS Server regularly changing
#2

While more advanced users could probably check it out on their own, it would be nice if the above could be added.


#3

We should add more detailed info, I agree. Do you know what caused you to receive the alert by chance?


#4

@Ken_GlassWire this time I know - hard reboot of my router connected via cable/RJ-45 :wink:
However next time… maybe a spyware - changing DNS settings for few minutes, clearing dns cache, trying to resolve my bank website (with changed DNS), Windows cacheing it… then changing back DNS to normal/default servers. Perfect attack if I visit website in next [INSERT DNS TTL] hours :wink:


#5

Good point. We should give more detailed info if we have the ability.


#6

I strongly support this request. It is kind of annoying and terrifying to see that some DNS settings have changed but you don’t know why and what caused the change and what the changes were.

Cheers
Christian


#7

I too support this request. I use Comodo DNS and, with GW alerting me to a change, I was able to establish that my DNS servers had been set to something else - I suspect during a Windows Update session. I now have the DNS Jumper utility to make it easier to restore my previous settings or choose any particular DNS server, but it would be most helpful if the DNS details (IP, hostname, country), preferably both pre- and post-change, were included in any GW DNS change alert.


#8

whatever you can add.
what changed it, what it was changed from and to


#9

+1 for this. I regularly change DNS when connecting / disconnecting from VPN but it would still be nice to see at glance what the details were in that notification message or some drill down detail. I do love the proxy changed notice when I start/stop fiddler but that is mostly a on/off detail.


Show what application is changing the System Proxy?
#10

I am also having this problem one one of two PC’s plugged into the same modem/router. On one computer the DNS resets each time I start up; then again about 3-4 minutes later. Is this possibly malware? Thx


#11

I’ve had this happen, as well, and believe it’s a Windows thing. To mitigate the risk of DNS hijacking, I’ve turned to using static IP addresses for the DNS settings in my Windows 7 network adapters. I’ve been using Comodo Secure DNS addresses:

IPV4:::
Primary: 8.26.56.26
Secondary: 8.20.247.20
IPV6:::
0:0:0:0:0:ffff:81a:381a
0:0:0:0:0:ffff:814:f714

After making this change, the addresses are always in the adapter(s). The only time I get a DNS change notification is when using a VPN, but the adapters are still set to the Comodo addresses no matter what.


#12

Our next update will have more detailed DNS change info.


#13

I’ve installed the latest GW version (1.0.38), and this issue is not yet fully fixed. Now, each DNS change is reported with an ‘old’ or ‘new’ address but not both. Also the address that is shown is displayed in hex, which is meaningless to me! - Still, bit by bit we’re getting there! :wink:


#14

The old DNS address is blank for you? When you say “hex” can you give an example? If not feel free to email our “bugs” email with screenshots.

Thanks!


#15

This is today’s DNS change record so far today - both changes being upon starting up the computer. One gives “Old” and the other gives “New”, but they both should give both old and new - and those addresses are gibberish to me.

Another point is that I found that I could not copy the displayed DNS server addresses. Any attempt at that just copied the “DNS server settings changed” bit, which isn’t very useful! :smile:

Edit:
Looking back through the DNS change history, I see that GW roughly alternates between saying ‘New’ and ‘Old’, but there is no clear pattern about this, with some repeated ‘New’.

Philip.


#16

That is IPv6 address. Didn’t you disable the IPv6 protocol on your card for some reason?
It looks good with IPv4, however if you got two IPs (example, first from bottom) and one is deleted (second one stays) it also should say “New” - with some information like “Blank” or “Not set”.

Can’t put picture in post, new user (LOL!)
Pic: wstaw.org/m/2015/02/26/GlassWire_2015-02-26_23-08-05.png


#17

The only way we could see this happen is if you have an empty value for your DNS. Did you somehow set an empty value for your DNS? We don’t see how this is possible with Windows. Is it possible some third party DNS software is installed on your computer that somehow sets an empty value?

Thanks for reporting this.


#18

Windows defaults to acquiring DNS addresses, both IPv4 and IPv6, automatically. They are blank in each network adapter, "out of the box ". Windows acquire a new DNS upon some network trigger (i.e., reboot of system and, thus, restart of adapters or via some other network “trigger”)

The user must go into each network adapter and explicitly set DNS addresses to stop the behavior exhibited by GlassWire.

See my response above (and, linked below) as to suggested addresses to set the network adapter to for IPv4 and IPv6:


#19

I’d not received notification of further activity here, otherwise would have come back sooner.

My IPV4 DNS addresses (Norton ConnectSafe ones) are set in Windows for the relevant network connection (Ethernet), but I have no addresses set for IPV6, so I still don’t understand why GW is displaying IPV6 addresses, not the IPV4 ones. Also, it still doesn’t make sense that only one address is shown for each report, which is sometimes described as ‘New’, sometimes as ‘Old’. That all leaves me in the dark.


#20

Various posters are asking for more details on IP addresses while I too have dns jumper I use it in conjunction with DNS Benchmark which provides a name -owner-status and response times list in Status you get those IP.s with bad domain names are intercepted by provider .Its by Precision Freeware by Steve Gibson this should do till Glasswire include the same info in the future.