I run a PiHole at home acting as a DHCP server. Sometimes from my Mediapad I have trouble connecting to some of my servers at home. Usually I just disable and enable WiFi and things start working again.
This problem happened just now and instead of doing my normal workaround I ran a tool called "Net Analyzer" and could see that my DNS had been changed to 180.76.76.76 which after some digging turns out to be operated by Baidu. When I disabled/enabled WiFi the DNS was changed to the local IP of my PiHole.
I can't for the life of me figure out how this has happened. I guess there are two candidates; malware or the Mediapad has itself changed the DNS. Neither is very comforting.
Does anyone know how this could have happened?
Model: CMW-W09
Build number: 9.1.0.333 (C432E5R1P3)
EMUI version: 9.1.0
Android version: 9
Checked the DNS on my MediaPad (on build .332) and wouldn't find it to be set to the Baidu DNS you mentioned (but 1.1.1.1).
Hi, guys, here's my problem.
My Galaxy S2 using my own WiFi is unable to retrieve some content from web. This content is:
apps icons in Android Market,
Picasa images,
Accuweather forecasts
and some others.
Other devices using the same WiFi have no problems with it. S2 switched to other ISP than my WiFi also has no problems with it.
While trying to narrow possible causes I've picked an example image, which is problematic to my S2+WiFI combination:
https://lh3.ggpht.com/NpoJbnyQbI1kEIlrWhP_t7lj9lN519RkPB3mxQS2z6pTFjh01R3ISeyYnj4AccBSsQ=w788 (an icon of an app from Android Market, remove space from url).
It won't open on my phone using WiFi, so I checked host availability. I ran the following command on my phone:
Code:
[email protected]:/ $ ping lh3.ggpht.com
ping: unknown host lh3.ggpht.com
But on my PC using the very same WiFi:
Code:
C:\Users\Grzegorz>ping lh3.ggpht.com
Badanie photos-ugc.l.google.com [173.194.70.132] z 32 bajtami danych:
Odpowiedź z 173.194.70.132: bajtów=32 czas=27ms TTL=47
Odpowiedź z 173.194.70.132: bajtów=32 czas=25ms TTL=47
I'm stuck, what should I do now?
Have you any ad blockers or DNS stuff running ???
jje
Nope, it's clean Android 4.0.3.
Echo request for lh3.ggpht.com on your phone does not work. On your PC you get a response from 173.194.70.132. Just to make sure your problem is related to DNS (and not to some lower service): did you try to ping the IP address 173.194.70.132 from your phone? Do you get a response?
Yes, the host is reachable from phone using IP dot address, only name resolving does not work.
Ok, looks definitely like some DNS problem. As you already confirmed that your hosts file is fine the only thing I can imagine is your phone using some 'wrong' DNS server for address lookup.
To make (almost) sure you use a set of different DNS servers you could disconnect your phone from the wifi and enable a 3G data connection. Make absolutely sure you are not connected to your wifi. Now again run 'ping lh3.ggpht.com'; do you get a response?
Yes, that is the case.
Another weird thing is that phone on 3G resolves lh3.ggpht.com as 173.194.35.139, while PC on WiFi as 209.85.148.132. My 'hosts' file contains only localhost reference.
When I switch to WiFi while pinging that host, pings keep succeeding, unless I restart the terminal session; after that I get an 'unknown host' message.
Is there DNS configuration in Android somewhere?
OK, it seems I fixed it.
My WiFi works in a bigger subnet and hides all connected WiFi devices as a single computer.
I've installed on my phone an app called Set DNS from the former Android Market, which allowed me to change both primary and secondary DNS. Initially both addresses were pointing to the WiFi router itself, which seems to work fine for my PC. I've changed them to the DNS servers of that bigger subnet I'm connected to. And it did the trick. Hopefully it won't mess up settings for other WiFis I use to connect.
Thanks for showing me right direction!
I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the app store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a Macbook, which works, but I can't figure out how to get Android's built-in VPN to work.
Current set-up:
I have opened ports 500, 1701, 1723, and 4500 on my router.
I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
I have set a "Shared Secret", we'll say 1234567890
I have set up an account for my android phone on the server, let's say the user name is "nexus" and the password is "google"
On the Macbook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.
On my Android device (Nexus 4 4.2.2) I am using the following settings:
Name: Mac Server
Type: L2TP/IPSec PSK
Server address: hostname.no-ip.org
L2TP secret: (not used)
IPSec identifier: (not used)
IPSec pre-shared key: 1234567890
When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting..." for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.
Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?
Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN
Ok, so I have managed to connect to the VPN when doing it INSIDE the network to the IP of the server (let's say 192.168.1.2). If I change the address to hostname.no-ip.org it won't connect, although it is working for everything else (such as web, etc).
I have tried on my iPad and I can connect just fine either from inside the network or over 3G connection.
On the Nexus I have tried to change the hostname.no-ip.org to my public IP address but it will not work either.
The funny thing is that when I try to make it work outside the server, the mac server log will show nothing, while every other test I run it logs it perfectly.
I think something is very broken in the way VPN is implemented in Android. Am I the only one finding himself in this situation?
....you're missing a very large part.....
FORWARD YOUR PORTS ON YOUR ROUTER
Also in your router look for anything relating to VPN.
Also some routers will not allow you to connect from the external IP internally. I hate routers like that..
and why run OS X Server on a MacBook?
if you want a secure home VPN, go find an old Windows computer, any P4 will do, and install Linux and install VPN services on it.
Hi,
I am on Android 4.0.4 Cyanogen Mod. Recently, whenever I open google.com or any Google website, I get this popup that asks me to download Flash Player and redirects me to some website that has a link to download. It basically blocks all the routes to Google-related websites.
This is exactly the same issue described here: bleepingcomputer.com/forums/t/526069/warning-your-flash-player-may-be-out-of-date-redirect-on-both-pc-and-tablet but the solution is basically for a Windows machine.
After this started to happen, I:
1. cleared all applications cache data
2. Installed AVG antivirus and scanned the phone
This does not seem to be a problem with router because there I do not see the problems on computers and phones connected to the same router.
Can someone help me to solve this problem?
Attached is the screenshot.
Thanks
PS: I cannot post a link yet, so I removed the protocol and www prefix.
I have the exact same issue as above. I am on 4.4.2 (CM v. 11-20140405-SNAPSHOT-M5-i9300)
What I observed is, when I am connected to my home wireless, neither the internet browsing works nor the play store. But when I shift to 3G, my play store works but with the browser I still get that flash warning.
I have not got any information from elsewhere how to fix it (on phone).
I think it is a virus and your system is affected. Maybe there is an easy way to fix that problem, but I suggest you back up your data, make a full wipe (system, data, cache) and install your ROM. For me it is definitely the solution.
I think I got the problem when another computer connected to the router got the same issue.
Basically, my modem/router was bugged. There is a virus that performs DNS injection. DNS of my network adapter had been changed to 68.168.98.196, which in turn was redirecting all the traffic from my devices to the attacker's website.
So, I called the phone company and got the modem reset. Updated the settings. The problem was fixed.
If you have the same problem,
1. Check the DNS setting in your modem/router. You may need to log into the router gateway like HTTP : / / 192.168.1.1 or something.
2. If it is 68.168.98.196, you will have to reset the router.
3. Note that if you are bugged, you might not be able to log into the router, though, so you cannot see the DNS. You should probably check on your system. For example, I do this on Ubuntu,
Code:
~$ nm-tool | grep DNS
DNS: 192.168.1.1
DNS: 125.22.47.125
DNS: 125.22.47.100
DNS: 8.8.8.8
4. Reset the router. Before you start doing that make sure you have all the information, id and password for your connection provided by the ISP.
Once this is done, you can see Google and sister websites load pretty well.
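An added example, not part of any post on this page: the resolver check described in the post above, generalised into a small Python audit that reads `nm-tool | grep DNS`, `nmcli device show` or resolv.conf text and flags every resolver that is not on a list you expect. The `EXPECTED` set, the function names and the sample text are assumptions made for the illustration; the two flagged addresses are the ones posters on this page reported.

```python
import ipaddress
import re

# Resolvers this network should hand out (assumption: edit for your LAN/ISP).
EXPECTED = {"192.168.1.1", "8.8.8.8"}
# Addresses posters on this page found after an unwanted DNS change.
REPORTED_ON_PAGE = {"68.168.98.196", "180.76.76.76"}

# Matches nm-tool ("DNS: x"), nmcli ("IP4.DNS[1]: x") and resolv.conf lines.
DNS_LINE = re.compile(
    r"^\s*(?:IP[46]\.DNS\[\d+\]:|DNS:|nameserver)\s+(\S+)", re.IGNORECASE)

def extract_resolvers(text):
    """Return resolver strings in the order they appear in the text."""
    return [m.group(1) for m in map(DNS_LINE.match, text.splitlines()) if m]

def classify(addr, expected=EXPECTED):
    """Label one resolver address against the expected set."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "malformed"
    if str(ip) in REPORTED_ON_PAGE:
        return "reported-on-page"
    if str(ip) in expected:
        return "expected"
    # A LAN resolver you did not configure can come from a rogue DHCP server.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "unlisted-local"
    return "unexpected-public"

def audit(text, expected=EXPECTED):
    """Classify every resolver found in the text."""
    return [(a, classify(a, expected)) for a in extract_resolvers(text)]

# Constructed sample mixing the three supported formats.
SAMPLE = """\
DNS:             192.168.1.1
DNS:             68.168.98.196
IP4.DNS[1]:      180.76.76.76
nameserver 10.0.0.53
nameserver 1.1.1.1
nameserver not-an-ip
"""

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE):
        print(f"{addr:<16} {verdict}")
```

Anything not labelled `expected` is worth comparing against the DNS fields in the router's WAN and DHCP settings before resetting the router.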
I think you nailed it down. Indeed my wireless router (which is physically connected to my ISP's modem) had one of the DNS set to 68.168.98.196. I now changed them manually to google DNS servers, had my phone forget the network and added it again. Looks like it is working for me too..
Thanks a lot for posting it! I will update here if I see the issue again or anything else indicating similar issue.
This malware affects routers and not devices
to solve this try to reset your router
Hi Guys/Girls,
Living in Australia we've got some issues getting to Netflix.
We need to use DNS servers for proxies so we can connect (Geoblocking and such)
I'm not looking at wanting to set the DNS on the Wi-Fi connection itself, as I often use networks out of my own Wi-Fi connection at home.
I know I need to set IP addresses manually in the Wi-Fi menu for the DNS option to show up.
I am unable to get Netflix to work at all.
I've tried 2 used apps on my phone (Galaxy S5)
DNS forwarder - http://goo.gl/VGpr0M
Static DNS for Wifi - http://goo.gl/LQV8br - Since looked and stated it's not working on 5.0 yet..
Testing the apps on my KitKat 4.4.2 S5 - This works fine.
Tested on my Nexus 9 5.0 (LRX21L) - Fails to work (Netflix is not available in your country)
Does anyone know if the way of setting DNS with apps is broken since the changeover?
Since lollipop, android seems to have a problem with custom DNS server...
I've posted on different threads on XDA and opened an issue on the Android tracker: https://code.google.com/p/android/issues/detail?id=79504
Ah, that makes sense then.
I shall keep an eye on that!
Hi!
I've got a Nokia 7.2 with Android 10 and I have an interesting issue with Android's VPN functionality.
My VPN is L2TP/IPsec PSK. It is working well, but with one interesting aspect.
My VPN server has other services on its IP (HTTP etc.).
If the VPN is used on-demand (manual activation), all is OK and I can use the server's other services.
But if I switch the VPN to the "always-on" state, the server's other services become unavailable.
The browser shows the error "ERR_NETWORK_ACCESS_DENIED".
What is also interesting: I can't ping the VPN server's IP from the phone. The ping command returns the error message "do you want to ping broadcast". It seems like an error in the netmask, but the ifconfig outputs for 'on-demand' and 'always-on' are similar.
The phone is not rooted, so I can't check routes (or I don't know how to do it w/o root).
What can more experienced users advise? Where should I look?
Thanks for any response in advance.