Jump to content
FabyBg71

Block of DNS resolution when VPN connection is enable

Recommended Posts

Hi,

I installed Malwarebyte 3.4.5 Premium, 
all work witout problem until I connect with VPN (ex. my office's vpn).

After I enabled vpn connection after some time, my system stop dns name resolution;
not all domains and every time blocked sites are different.
(Ex. some time google.com, some time other sites)

VPN is a PPTP VPN and I connect using Windows 10 with windows build-in client.

Just for example : 

Before VPN connection:

        C: \ Users \ fabia> nslookup flapsystem.monday.com
        Server: afdcprd001.af-group.private
        Address: 172.20.0.200

        Response from a non-authoritative server:
        Name: flapsystem.monday.com
        Addresses: 2400: cb00: 2048: 1 :: 6819: 4061
        2400: cb00: 2048: 1 :: 6819: 3f61
        104.25.63.97
        104.25.64.97

After establishing the VPN connection:

        C: \ Users \ fabia> nslookup flapsystem.monday.com
        Server: afdcprd001.af-group.private
        Address: 172.20.0.200

        DNS request timed out.
        timeout was 2 seconds.
        DNS request timed out.
        timeout was 2 seconds.
        DNS request timed out.
        timeout was 2 seconds.


If I disable Malwarebyte real time web protection all work again.

If I enable again real time web protection the problem come back again after some moment.


Can someone help me?
Thank a lot.

Fabiano

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites
1 minute ago, dcollins said:

Please provide the logs above, also, any information about your VPN (specific software, etc)

You find attached my logs.

Thanks in advance.

Fabiano

mb-check-results.zip

Share this post


Link to post
Share on other sites

Hi,

No ShrewSoft is installed but no longer used. I use only the VPN client integrated in Windows (no custom client).

I attached two screenshot.

Ciao,
Fabiano

VPN_1.JPG

VPN_2.JPG

Share this post


Link to post
Share on other sites

Thanks for this. We're unable to reproduce this issue using our local PPTP server so most likely it's a server setting configuration. Any chance you can PM us the server configuration options you're using (internal IP addresses, DNS server addresses, operating systems, etc?)

Share this post


Link to post
Share on other sites
15 hours ago, FabyBg71 said:

Hi,

I installed Malwarebyte 3.4.5 Premium, 
all work witout problem until I connect with VPN (ex. my office's vpn).

After I enabled vpn connection after some time, my system stop dns name resolution;
not all domains and every time blocked sites are different.
(Ex. some time google.com, some time other sites)

VPN is a PPTP VPN and I connect using Windows 10 with windows build-in client.

Just for example : 

Before VPN connection:

        C: \ Users \ fabia> nslookup flapsystem.monday.com
        Server: afdcprd001.af-group.private
        Address: 172.20.0.200

        Response from a non-authoritative server:
        Name: flapsystem.monday.com
        Addresses: 2400: cb00: 2048: 1 :: 6819: 4061
        2400: cb00: 2048: 1 :: 6819: 3f61
        104.25.63.97
        104.25.64.97

After establishing the VPN connection:

        C: \ Users \ fabia> nslookup flapsystem.monday.com
        Server: afdcprd001.af-group.private
        Address: 172.20.0.200

        DNS request timed out.
        timeout was 2 seconds.
        DNS request timed out.
        timeout was 2 seconds.
        DNS request timed out.
        timeout was 2 seconds.


If I disable Malwarebyte real time web protection all work again.

If I enable again real time web protection the problem come back again after some moment.


Can someone help me?
Thank a lot.

Fabiano

You might want to try flushing the DNS cache. If you're interested, here's the steps to follow:

 

Go to your START Menu and Right Click and choose Command Prompt (Admin)

***After each command press ENTER

ipconfig /flushdns

ipconfig /registerdns

ipconfig /release

ipconfig /renew

When done restart computer. This will flush your DNS cache and re-register the DNS server, plus will renew the connections

This will only work if this is the problem, could be other matters involved. If you use a browser extension called 'HTTPS EVERYWHERE', Disable it.

Share this post


Link to post
Share on other sites

Hi dcollins,

first .. thanks for your support :-)

I do some additional test.

Apparently the problem happens only when open VPN from my office.

The problem is not only with my internal DNS if I try to use other DNS service (like Google)
the problem is the same.
For example you can see that in this case www.google.it is not resolved and www.google.com is resolved
(I tried flusdns witout success)

        C:\Users\fabia>nslookup www.google.it
        Server:  afdcprd001.af-group.private
        Address:  172.20.0.200

        DNS request timed out.
            timeout was 2 seconds.
            ...

    C:\Users\fabia>nslookup www.google.it 8.8.8.8
        Server:  google-public-dns-a.google.com
        Address:  8.8.8.8

        DNS request timed out.
            timeout was 2 seconds.
            ...

        C:\Users\fabia>nslookup www.google.com
        Server:  afdcprd001.af-group.private
        Address:  172.20.0.200

        Risposta da un server non autorevole:
        Nome:    www.google.com
        Addresses:  2a00:1450:4002:801::2004
                  216.58.205.164
              
I ping the DNS servers witout problem.

        C:\Users\fabia>ping 8.8.8.8
        Esecuzione di Ping 8.8.8.8 con 32 byte di dati:
        Risposta da 8.8.8.8: byte=32 durata=150ms TTL=57
    ...
    
      C:\Users\fabia>ping 172.20.0.200
        Esecuzione di Ping 172.20.0.200 con 32 byte di dati:
        Risposta da 172.20.0.200: byte=32 durata=4ms TTL=127
    ...
    
Apparently no routing problem.

Just for info my internale DNS is Windows Server 2012R2 DNS I am in DHCP (My PC isn't in domain)

If I disable realtime web protection all work.

Thank.
Fabiano

Share this post


Link to post
Share on other sites

Just a shot in the dark... I have seen this happen on some computers, can you try this?

  • Right Click on Network connection icon in the taskbar and choose Open Network & Internet Settings
  • Click on Change adapter options
  • Right Click on your VPN connection and choose Properties
  • Click on Internet Protocol Version 4(TCP/IPv4) (I disable v6 cause we don't use it on our network)
  • Click on Properties 
  • Network_Settings_1.jpg.8d630b3db9a7fe91d6b9e933ace0aebc.jpg
  • Next Click on Advanced...
  • Network_Settings_2.jpg.8ed54d36139d4aa41bcf4f51d6c09e8e.jpg
  • Uncheck Use default gateway on remote network
  • Network_Settings_3.jpg.be1ef1ff5b295a84d3b663fa2ec04390.jpg
  • OK out of all the windows
  • Connect to your VPN and test to see if that helps

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.