Jump to content
exile360

Web Protection+DNSCrypt=NO INTERNET

Recommended Posts

Something must have changed in the Web Protection component because for the first time ever, when Web Protection is active I cannot access the internet if DNSCrypt is enabled (I have my DNS server address set to 127.0.0.1 as I always have for DNSCrypt).  This just cropped up with the latest beta, 4.0.1; I had no issues with 4.0.0 or any previous version of Malwarebytes.

To test, install SImple DNSCrypt and enable it for your network adapter(s) and verify for your IPv4 properties for your network connections that the Use the following DNS server address: option is set to 127.0.0.1 NOTE: Do NOT try this without DNSCrypt installed/active or you won't have internet access, because normally 127.0.0.1 is the loopback address, however because of the way that Simple DNSCrypt installs its service as a local DNS server, it uses this address to capture all DNS requests accordingly.

You can find the latest build of Simple DNSCrypt here for QA testing and verification of this issue.

I'm running Windows 7 x64 SP1 fully patched, though I doubt it matters as it appears to simply be an issue with the use of the 127.0.0.1 loopback address as your DNS server address because if I either disable the 127.0.0.1 address as my DNS server address or disable Web Protection in Malwarebytes, my internet starts working immediately.  As soon as I have both enabled there is no internet access.

Share this post


Link to post

Excellent, thanks Bob :)

It will be nice to have my MB Web Protection back again ;) 

Share this post


Link to post

Hey guys, just FYI, I've tested with the latest betas and unfortunately this is still occurring so I've rolled back to the MB3 RTM build for the time being until this gets sorted because I gotta have my Web Protection ;) 

Share this post


Link to post
Posted (edited)

Hello,

With the latest beta version and DNSCrypt, we haven't experienced any connectivity issues with Web Protection enabled on Windows 7 or Windows 10.

Are you able to provide some additional data on the issue? Enabling enhanced event log data in the latest beta version, reproducing the issue and then gathering logs with the Malwarebytes Support Tool would be useful.

Could you also try the following:
1. Disable DNSCrypt completely (detach the network card by unchecking it and remove service using the option above)
2. Set your DNS setting in Windows to "Obtain automatically".
3. Enable DNSCrypt and attach to the network card by checking it.
4. Enable Web Protection in Malwarebytes version 4.

Edited by LiquidTension

Share this post


Link to post

To be clear, I am using a specific application for implementing DNSCrypt called Simple DNSCrypt which, when enabled for a network connection, configures the DNS setting to Use the following DNS server address: and sets it to 127.0.0.1 as shown below (it does this for any connection that you enable DNSCrypt for in Simple DNSCrypt):

address.png.c31e46a74fb556fd7b53f8f6b186d5e9.png

I'll return once I've restarted my system to let you know how it went.

Share this post


Link to post

I tested again with the same results.  I cannot connect to the web with both enabled.  If I disable either one, the internet works.

Share this post


Link to post

Hello,

Can i ask you to verify few settings on your system and perform these steps?

1. IPv6 is enabled on your primary network adapter (Control Panel - Networking). All settings are to default, DNS as well

2. "DNSCrypt - Advanced Settings - Listed Addresses" should contain IPv4 and IPv6 addresses ("127.0.0.1:53" and "[::1]:53") and if not - click the button below to restore the defaults

After all of this can you try to restart your system and/or restart DNSCrypt and reattach it to your primary network adapter?

Thank you! 

 

Share this post


Link to post

Nope, IPv6 is completely disabled on both my system and modem/router.  The only change I'm making when enabling DNSCrypt is that it modifies my default DNS address to 127.0.0.1.  In Simple DNSCrypt it shows my 'Listen Addresses' as 127.0.0.1:53 for IPv4 and [::1]:53 for IPv6 (though I also have its 'Block IPv6' setting enabled).  Web Protection doesn't require IPv6 connectivity, does it?  Or is that something that's changed in MB4?  If so, that might explain the issue, though it is odd that I have IPv6 disabled in Windows itself and my modem/router yet Web Protection still works as long as DNSCrypt is disabled.

Would you like me to try disabling the 'Block IPv6' option in Simple DNSCrypt to see if that makes any difference?

Share this post


Link to post
Quote

 Web Protection doesn't require IPv6 connectivity, does it

You're right, IPv6 is not the requirement.

 

I can give an advice to do the following steps:

1. Disable DNSCrypt

2. Enable IPv6 on your adapter on Windows (only in OS, not in router), set all options to "Automatically"

3. Disable option "Block IPv6" in DNSCrypt - i presume that no need to block IPv6 while you do not have such type of traffic.

4. Set DNS on IPv4 and IPv6 to "Automatically" on your primary network adapter

5. Restart OS

 

Thank you!

Share this post


Link to post

If I do all of those steps the internet will work, but only because DNSCrypt is disabled.  I can perform any series of steps, and I've tried many, however if Web Protection is enabled and DNSCrypt is enabled, there is no internet connectivity.  If I disable either one, the internet works fine (even without a system restart; I just have to wait long enough for the cache to clear itself/the browser to retry the connection).

Something changed in the implementation of Web Protection between MB3 and MB4 and for whatever reason, it doesn't like my setup.  I'm going to try disabling my HOSTS file next to see if that has any impact on the issue.  It may since there is some IPv6 stuff in there (along with tons of IPv4 blocks, of course).

Share this post


Link to post

Well, disabling the HOSTS file didn't help unfortunately, but I did think of one more thing.  I don't see why it would impact anything, but it might if somehow the implementation of the driver has changed in some way.  I have my network connection configured as a 'public connection' (the most secure connection type) rather than a home or work connection.  I did it this way because it's the most secure, though I wouldn't think that would mess with Web Protection, but maybe it is a factor somehow.

Share this post


Link to post

I tried a few more things.

Excluding 127.0.0.1 from Web Protection=No effect

Excluding Simple DNSCrypt's primary executable and service from Web Protection=No effect

Configuring Windows 10 Firewall Control to 'EnableAll' mode (the same as no firewall at all)=No effect

So far the only thing that works is either disabling DNSCrypt, or disabling Web Protection, but I'll keep experimenting with it.  I hope that you guys are able to replicate it.  I can provide further details on my system configuration if required in order to help QA to replicate the issue, just let me know.

I just thought of something else.  Because I'm using a large HOSTS file, I have the DNS Client service disabled.  Perhaps that is the missing factor here.  I will try disabling my HOSTS file (to avoid the constant 100% CPU usage from having a large HOSTS file with the DNS Client service enabled), then try enabling both Simple DNSCrypt and Web Protection to see if that resolves the issue.  I know that Binisoft Windows Firewall Control (recently acquired by Malwarebytes) requires the DNS Client service to be active in order to display its notifications, so perhaps Web Protection in MB4 is somehow getting borked when DNSCrypt is active with that service disabled.  I'll post back and let you know how it goes.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.