AVG SecureDNS and split-horizon DNS

Submitted by cliff on Fri, 06/04/2018 - 16:27

AVG's SecureDNS feature causes problems when using split-horizon DNS.

AVG SecureDNS tries to validate a DNS response by sending a QUIC request to one of AVG's servers on port 443. With SecureDNS enabled, a lookup returns the external view of your DNS server instead of the internal view.

917    18.820059    10.100.150.41    10.90.12.11    DNS    78    Standard query 0x255c A terminalserver.domain.com
918    18.820754    10.90.12.11    10.100.150.41    DNS    94    Standard query response 0x255c A terminalserver.domain.com A 10.90.12.201
919    18.821628    10.100.150.41    195.181.172.129    QUIC    154    59675 → 443 Len=112[Malformed Packet]
920    18.825398    195.181.172.129    10.100.150.41    QUIC    346    443 → 59675 Len=304[Malformed Packet]

The Wireshark output above was generated by running nslookup on a Windows 10 machine. Eventually nslookup returns the external IP address of terminalserver.domain.com.
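
The pattern in the capture above can be checked for mechanically. The following Python is an added example, not part of the original post: it reads Wireshark packet-list rows in the layout shown above and reports each client that receives a private-address A answer and then sends QUIC to a public host on port 443 within a short window. The 50 ms window and the function names are assumptions.

```python
import ipaddress
import re

# Packet-list rows copied from the capture in this post
# (No., Time, Source, Destination, Protocol, Length, Info).
CAPTURE = """\
917    18.820059    10.100.150.41    10.90.12.11    DNS    78    Standard query 0x255c A terminalserver.domain.com
918    18.820754    10.90.12.11    10.100.150.41    DNS    94    Standard query response 0x255c A terminalserver.domain.com A 10.90.12.201
919    18.821628    10.100.150.41    195.181.172.129    QUIC    154    59675 → 443 Len=112[Malformed Packet]
920    18.825398    195.181.172.129    10.100.150.41    QUIC    346    443 → 59675 Len=304[Malformed Packet]
"""

# Matches a response carrying a single A record: "... A <name> A <ipv4>"
RESPONSE = re.compile(r"Standard query response \S+ A (\S+) A (\d+\.\d+\.\d+\.\d+)$")
WINDOW = 0.05  # seconds; assumed correlation window, tune for your network


def parse(text):
    """Split each row into its seven columns; skip lines that do not fit."""
    for line in text.splitlines():
        cols = re.split(r"\s{2,}|\t", line.strip(), maxsplit=6)
        if len(cols) == 7:
            no, ts, src, dst, proto, _length, info = cols
            yield int(no), float(ts), src, dst, proto, info


def find_overrides(text, window=WINDOW):
    """Return (client, name, internal_ip, external_server) for each internal
    answer followed within `window` by QUIC/443 to a public address."""
    hits, pending = [], {}  # pending: client -> (time, name, answer)
    for _no, ts, src, dst, proto, info in parse(text):
        m = RESPONSE.search(info) if proto == "DNS" else None
        if m and ipaddress.ip_address(m.group(2)).is_private:
            pending[dst] = (ts, m.group(1), m.group(2))
        elif proto == "QUIC" and src in pending and "→ 443 " in info:
            t0, name, answer = pending.pop(src)
            if ts - t0 <= window and not ipaddress.ip_address(dst).is_private:
                hits.append((src, name, answer, dst))
    return hits


if __name__ == "__main__":
    for client, name, answer, server in find_overrides(CAPTURE):
        print(f"{client}: {name} -> {answer} internally, then QUIC/443 to {server}")
```

A hit only shows the traffic pattern seen in this capture; confirm on the client that SecureDNS is enabled before attributing a wrong answer to it.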