Buy or Renew
Buy or Renew
NOTICE: OpenDNS Service Currently Not Available To Users In Belgium. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
85
Views
0
Helpful
5
Replies

Possible DNS leaks

jeff8356
Level 1
Level 1

‎02-06-2016 09:22 AM

I recently ran a DNS Leak Test and found the the DNS servers Belong to "302 Direct Media" (see attached screen shot).

302 Direct Media seems seems to be registered as an Internet Advertising company out of California.

After running a WHOIS on one of the IP's the website for 302 Direct Media goes to "Best Path Networks" which happens to be a subsidiary of OpenDNS.

I've run the usual website tests ODNS offer to verify that it's working properly and everything checks out alright.

Are these really the DNS servers ODNS are using?  Or has something gone wrong?




ScreenShotODNS.png
Labels:
0 Helpful
5 Replies 5

mattwilson9090
Level 4
Level 4

‎02-08-2016 10:13 PM

Which address did you run this WHOIS lookup on?

How did you determine that Best Path Networks is a subsidiary of OpenDNS?

Which DNS servers are you asking that OpenDNS is using? 302 Direct Media, Best Path Networks, or something else?

I'd say that something has gone wrong, perhaps in how your ISP routes traffic, but it's hard to say without enough information to trace and/or verify the information that you are providing.

0 Helpful

jeff8356
Level 1
Level 1

‎02-09-2016 09:19 AM

Any on of the address' you see in the screenshot attached to the first message.

For Best Path go to www.best-path.net and it says it right on the page, "a subsidiary of OpenDNS".  I don't recall exactly how I came up with the Best Path info, I think it may have been an online WHOIS lookup.  I usually use the terminal (CLI) on my Mac to do the whois searches.

Any one of the servers that shows up in the DNS leak test Whois shows it as being registered to 302 Direct Media and being administered by OpenDNS  (see attached WHOIS screenshot).  I use the Miami Data Center so it all seems to be from that one location.

I have run all the usual OpenDNS tests and confirmed that ODNS is properly setup and working and blocking what it is supposed to.

But what got me concerned is that 302 Direct Media is an "internet advertiser", but ODNS is listed in the WHOIS as being the contact for 302 Direct Media.  The physical address are the same for both also, meaning they are in the same building.  Seems like it would be a conflict of interest to me.

 




Screen Shot 2016-02-09 at 12.09.24.png
0 Helpful

jeff8356
Level 1
Level 1

‎02-09-2016 09:19 AM

Any on of the address' you see in the screenshot attached to the first message.

For Best Path go to www.best-path.net and it says it right on the page, "a subsidiary of OpenDNS".  I don't recall exactly how I came up with the Best Path info, I think it may have been an online WHOIS lookup.  I usually use the terminal (CLI) on my Mac to do the whois searches.

Any one of the servers that shows up in the DNS leak test Whois shows it as being registered to 302 Direct Media and being administered by OpenDNS  (see attached WHOIS screenshot).  I use the Miami Data Center so it all seems to be from that one location.

I have run all the usual OpenDNS tests and confirmed that ODNS is properly setup and working and blocking what it is supposed to.

But what got me concerned is that 302 Direct Media is an "internet advertiser", but ODNS is listed in the WHOIS as being the contact for 302 Direct Media.  The physical address are the same for both also, meaning they are in the same building.  Seems like it would be a conflict of interest to me.

 

0 Helpful

rotblitz
Level 6
Level 6

‎02-09-2016 10:00 AM

@jeff8356
"I recently ran a DNS Leak Test"

Fine.  What did you want to achieve with this measure?  What do you know about DNS leaks?  Leaking DNS is just normal.  You're only interested in it if you regularily use VPNs and want to prevent from your DNS traffic being visible outside of the VPN.  Is this really what you wanted to verify?

"Are these really the DNS servers ODNS are using?"

Of course, these are all of OpenDNS, as easily can be seen from https://www.opendns.com/data-center-locations/ where the 204.194.239.0/24 address range is from peering network carrier "NAP of the Americas" being used by OpenDNS to serve their data center in Miami.  So what?

"Or has something gone wrong?"

Not at all if and when you're using the OpenDNS data center in Miami.

0 Helpful

jeff8356
Level 1
Level 1

‎02-09-2016 10:35 AM

What I was initially trying to determine was if my ISP was rerouting my DNS requests, which apparently they do not.  I do occasionally use VPN (mainly for mobile devices while away from home) but in this particular instance I was not.

In the past, the ODNS servers always came back registered to OpenDNS.  I was shocked to see them come back to 302 Direct Media this time.  Initially I thought that my ISP WAS redirecting my DNS requests, being that 302 Direct Media is an "Internet Advertising" company it raised some concerns with me.  Only to find out that 302 Direct Media and OpenDNS were affiliated (or one in the same).

So my initial question has been answered, there is no DNS leak. Just that the IP address' are not saying OpenDNS, but 302 Direct Media instead.

It still leaves me with questions/concerns, but that is another topic for another time.

 

 

0 Helpful
Customers Also Viewed These Support Documents