Can't open any websites (DNS redirection with Malwarebytes)

[tachigami]

The Issue has become right after installing Malwarebyes anti-virus.
Any scripts with dnsredir cause to this issue. Can do ping but can't get domain name.

Workaround: Got new DNS IP and PORT form https://servers.opennic.org/ to replace 77.88.8.8
Solution: ???

[ValdikSS]

So you installed anti-virus and could no longer use dnsredir? Does this anti-virus have firewall function? Please check if it blocks port 1253 or IP address 77.88.8.8. Or better install Wireshark, run it with "port 1253" filter and see what's going on.

[tachigami]

@ValdikSS no. I can no longer use dnsredir with 77.88.8.8, but --dns-addr 185.121.177.177 --dns-port 1053 is ok for some reason. Yes there is firewall but I don't believe it blocks some ports by default

[ValdikSS]

Can you make traffic dump with Wireshark to port 1253?

[tachigami]

@ValdikSS I've made a traffic dump for you

Another strange thing I've noticed even with no Malwarebytes installed that execution of 'apk update' fails due to DNS Lookup error in Docker Alpine container with port 1053 and 185.121.177.177 but in host system it works.
I've find out that in Docker the issue was with the port 1053 but port 53 or default "3_all_dnsredir_hardcore" works fine, so I don't see a much problem but here's a dump.

[ValdikSS]

Please add --dns-verb to the command line and run it again.

[ValdikSS]

I can confirm the issue with Malwarebytes. Will investigate.

[ValdikSS]

Sorry, I don't know why this happens. Malwarebytes intercepts DNS queries and re-injects DNS replies, but the application which performed DNS query can't receive them. Current GoodbyeDPI version drops incoming DNS retransmissions, but changing it to handle retransmissions and pass them to the application doesn't fix the issue.
What confuses me the most is that Malwarebytes handles DNS queries on port 1253, but not on 1053 (these are very unusual ports for DNS).

I don't know how can I workaround this issue in GoodbyeDPI. I tried to increase filter priority and to exclude local addresses, and it still doesn't work with Malwarebytes.

I'll write to Malwarebytes tech support and we'll see how it goes.

[ValdikSS]

Malwarebytes asked me for a debug log several days ago. I've sent it.

[ValdikSS]

No updates yet. Asked for status once more.

[ValdikSS]

Jun 26, 08:49 PDT

Our Developers are still working on this and hope to have this resolved in the next update which is tentatively scheduled for next week.

As soon as that update is ready, I'll reach out to you and let you know.

[ValdikSS]

Please try GoodbyeDPI v0.1.5rc3
https:/ValdikSS/GoodbyeDPI/releases/tag/0.1.5rc3

Should be fixed in this version. Please reopen this ticket if issue is still present in this version.