04-17-2015 11:25 AM
I am getting thousands of requests for nos._tcp.nos-avg.cz and config.nos-avg.cz. I blacklisted these domains but that hasn't stopped anything. Why are they making all these requests?
RANK | DOMAIN | REQUESTS |
1 | _nos._tcp.nos-avg.cz | 6,885 |
2 | config.nos-avg.cz | 3,709 |
04-17-2015 11:48 AM
Blacklisting a domain will block DNS lookups to that domain, and effectively prevent internet traffic from going to that domain, but it does nothing to prevent whatever is initiating the requests in the first place.
Why did you blacklist the domain in the first place?
It appears that nos-avg.cz is a domain associated with updates for the family of AVG security products. It could also be used for other backend communications depending on what particular AVG components are installed. Without knowing anything about your network, including how many computers there are, or what kind of software they are running, I can only speculate that one or more computers are now failing all of their software updates for their AVG software. Given how this type of software operates I'd guess that the rate of lookups for that domain may have actually increased as the software keeps trying to make a connection and do what it's supposed to do.
04-17-2015 12:18 PM
"I blacklisted these domains but that hasn't stopped anything."
Not sure what you're actually looking for. Did you think the DNS queries would be stopped if you blocked a domain? Far from it!
Queries for these domain names are definitely blocked, as can be seen from "You blacklisted this domain". I.e. the networking application(s) in your network raising these queries will not be able to resolve these domain names but are provided with an OpenDNS IP address instead of the real result.
"Why are they making all these requests?"
The fact that you blocked the domains may even significantly increase the number of attempted queries, because the application doesn't get a satisfying response anymore and may therefore retry again and again.
And I'm not sure why you have blocked these domains at all. The zone nos-avg.cz is registered for AVG Netherlands BV:
AVG Netherlands B.V. is a software publisher located in Amsterdam, North Holland in Netherlands*. AVG Technologies provides a family of anti-virus and Internet security software and features most of the common functions available in modern anti-virus and Internet security programs.
See what's behind these domains (only if you no longer block them):
nslookup -type=any nos-avg.cz.
nslookup -type=any _nos._tcp.nos-avg.cz.
nslookup -type=any config.nos-avg.cz.
After all, it seems you have successfully blocked your AVG Antivirus program from working properly, thereby introducing unforeseeable security risks. I would strongly recommend not blocking those domains.
If you don't like to see the DNS queries to nos-avg.cz domains in your stats, you would have to uninstall your AVG Antivirus program and install a different one.
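Added example, not part of the thread: since blocking at the resolver does not stop the clients from asking, the practical next step is to find which internal hosts generate the lookups. The sketch below assumes a local dnsmasq forwarder with `log-queries` enabled in front of OpenDNS; the log lines and client addresses are constructed sample data.

```python
import re
from collections import Counter, defaultdict

# Constructed dnsmasq-style query log (log-queries enabled); clients are made up.
SAMPLE_LOG = """\
Apr 17 11:20:01 dnsmasq[812]: query[SRV] _nos._tcp.nos-avg.cz from 192.168.1.23
Apr 17 11:20:01 dnsmasq[812]: forwarded _nos._tcp.nos-avg.cz to 208.67.222.222
Apr 17 11:20:02 dnsmasq[812]: query[A] config.nos-avg.cz from 192.168.1.23
Apr 17 11:20:05 dnsmasq[812]: query[SRV] _nos._tcp.nos-avg.cz from 192.168.1.23
Apr 17 11:20:07 dnsmasq[812]: query[A] config.nos-avg.cz from 192.168.1.40
Apr 17 11:20:09 dnsmasq[812]: query[A] www.example.com from 192.168.1.40
Apr 17 11:20:11 dnsmasq[812]: query[A] notnos-avg.cz from 192.168.1.51
Apr 17 11:20:12 dnsmasq[812]: query[SRV] _NOS._tcp.NOS-AVG.cz. from 192.168.1.23
"""

# Only "query[...]" lines name the requesting client; forwarded/reply lines are skipped.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Za-z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def in_zone(name, zone):
    """True for the zone apex or any name below it, matched on label boundaries."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def queries_by_client(log_text, zone):
    """Map client IP -> Counter of (queried name, record type) inside the zone."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and in_zone(m["name"], zone):
            per_client[m["client"]][(normalize(m["name"]), m["qtype"])] += 1
    return per_client

def top_talkers(log_text, zone):
    """Clients sorted by total lookups for the zone, busiest first."""
    totals = {c: sum(n.values()) for c, n in queries_by_client(log_text, zone).items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    detail = queries_by_client(SAMPLE_LOG, "nos-avg.cz")
    for client, total in top_talkers(SAMPLE_LOG, "nos-avg.cz"):
        print(client, total)
        for (name, qtype), n in detail[client].most_common():
            print(f"    {n:4d}  {qtype:<4} {name}")
```

Running the same count before and after a block goes in shows whether the affected hosts have started retrying more often.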