AVG SecureDNS and split-horizon DNS

Submitted by cliff on Fri, 06/04/2018 - 16:27

AVG's SecureDNS feature causes problems when using split-horizon DNS.

AVG SecureDNS tries to validate a DNS response by sending a QUIC request to one of AVG's servers on port 443. With SecureDNS enabled, lookups return the external view of your DNS server instead of the internal view.

917    18.820059    DNS    78    Standard query 0x255c A terminalserver.domain.com
918    18.820754    DNS    94    Standard query response 0x255c A terminalserver.domain.com A
919    18.821628    QUIC    154    59675 → 443 Len=112[Malformed Packet]
920    18.825398    QUIC    346    443 → 59675 Len=304[Malformed Packet]

The Wireshark output above was generated by running nslookup on a Windows 10 machine. Eventually nslookup returns the external IP address of terminalserver.domain.com.
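To look for the same pattern in a longer capture, the following added example (not part of the original post) scans exported Wireshark packet summaries for a DNS response that is followed almost immediately by an outbound QUIC packet to port 443. Frames 930-931 and the 50 ms window are assumptions made for the example, and because browsers also send QUIC to port 443, a match is a prompt to check which process sent the packet rather than proof of SecureDNS.

```python
import re

# Packet summary lines: the four from the capture above, plus two constructed
# lines (frames 930-931) showing a lookup with no QUIC follow-up.
CAPTURE = """\
917    18.820059    DNS    78    Standard query 0x255c A terminalserver.domain.com
918    18.820754    DNS    94    Standard query response 0x255c A terminalserver.domain.com A
919    18.821628    QUIC    154    59675 → 443 Len=112[Malformed Packet]
920    18.825398    QUIC    346    443 → 59675 Len=304[Malformed Packet]
930    21.100000    DNS    74    Standard query 0x3a10 A fileserver.domain.com
931    21.100900    DNS    90    Standard query response 0x3a10 A fileserver.domain.com A
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+)\s+(\S+)\s+(\d+)\s+(.*)$")
DNS_RESPONSE = re.compile(r"Standard query response 0x[0-9a-f]+ \S+ (\S+)")
PORTS = re.compile(r"(\d+)\s*(?:→|->)\s*(\d+)")


def parse(text):
    """Yield (frame, time, protocol, info) for each summary row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), float(m.group(2)), m.group(3), m.group(5)


def quic_after_dns(text, window=0.05):
    """Return [(name, dns_frame, quic_frame, delay_ms)] for each DNS response
    followed within `window` seconds by an outbound QUIC packet to port 443."""
    hits, pending = [], None          # pending = (name, frame, time) of last DNS response
    for frame, time, proto, info in parse(text):
        if proto == "DNS":
            m = DNS_RESPONSE.search(info)
            pending = (m.group(1), frame, time) if m else pending
        elif proto == "QUIC" and pending:
            ports = PORTS.search(info)
            if ports and ports.group(2) == "443" and time - pending[2] <= window:
                hits.append((pending[0], pending[1], frame, round((time - pending[2]) * 1000, 3)))
                pending = None        # one hit per lookup
    return hits


if __name__ == "__main__":
    for name, dns_frame, quic_frame, delay in quic_after_dns(CAPTURE):
        print(f"{name}: DNS response in frame {dns_frame}, QUIC to 443 in frame {quic_frame} after {delay} ms")
```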