User profile for user: NickUK
NickUK Author
User level: Level 1
8 points

Safari trying to access DNS addresses

In the last couple of days everytime I open Safari (5.0.3), LittleSnitch comes up saying Safari wants to access 8.8.8.8 (Google Public DNS) and 208.67.222.222 (OpenDNS) using UDP on port 53.

I've never had this before (Safari should only really be accessing port 80 and 443) as DNS is handled by the OS. My network settings are set to use the router's IP and the router is set to my ISP's DNS servers, so no reason why it should need to use these services.

Does anyone have any ideas why Safari would be behaving like this or are seeing the same thing?

MacBook Pro 15.4" 2.4GHz 2GB RAM nVidia 8600M GT 256MB, Mac OS X (10.5.8), iPhone 3GS 4.2.1 32GB on o2 UK

Posted on Jan 18, 2011 1:51 PM

Reply
10 replies
User profile for user: NickUK
NickUK Author
User level: Level 1
8 points

Jan 19, 2011 11:52 AM in response to andyBall_uk

It's never happened before, so it seems odd to me. I wouldn't have thought the DNS prefetching would have caused it as I've been using Safari for years.

I've also never used the Google or OpenDNS servers. The only IPs listed in the network config are 62.24.128.17 and 62.24.199.23 which are my ISPs DNS servers and come from the DHCP configuration.

I created a new user and it does exactly the same as my account.

Carolyn, I find your answer confusing as LittleSnitch is the one detecting the problem and I don't want to use Google or OpenDNS.
Reply
User profile for user: beckford
beckford
User level: Level 1
9 points

Jan 19, 2011 8:35 PM in response to Carolyn Samit

I'm sorry but that makes no sense. You are saying solve the problem by uninstalling the tool that found it?

Anyway:

networksetup -getdnsservers AirPort will tell you where osX is looking for dns.

scutil --dns will tell you something as well.

The Snitch is your friend. So is ipfw, albeit a rather taciturn and irritable one. I'd suggest making sure any DNS packets go out the way you decide.
Reply
User profile for user: Carolyn Samit
Carolyn Samit
User level: Level 10
165,725 points

Jan 18, 2011 3:22 PM in response to NickUK

Hi,

Little Snitch is most likely the problem.

Run the uninstaller here http://www.obdev.at/technotes/uninstall-little-snitch.html

Then restart your Mac, launch Safari.

If you want to avoid browser re directs by your ISP you can use Google's DNS, but you may find Open DNS has better security, it's free, and offers anti phishing filters.

http://www.opendns.com/start

Click: Free / Basic














Carolyn 🙂
Reply
User profile for user: NickUK
NickUK Author
User level: Level 1
8 points

Jan 20, 2011 11:13 AM in response to NickUK

Thanks for your responses.

I've installed Wireshark to see what Safari was actually querying those IPs for and it appears it's looking up www.google.com but everything else uses my router for DNS queries.

I've got www.google.co.uk in my Top Sites but that's looked up using the router.

If this is correct, why would Safari use 8.8.8.8 and 208.67.222.222 to lookup www.google.com twice?
Reply
User profile for user: NickUK
NickUK Author
User level: Level 1
8 points

Jan 23, 2011 5:59 AM in response to _11220_

11220 do you have Rapport installed? It's a security program which many banks provide.

I've got a feeling Rapport might be causing this as Firefox does it too (it installs in Safari and Firefox) but Opera and Chrome don't. There's an option in Rapport that says about protecting against phishing and malware web sites (both Google Public DNS and OpenDNS do this). I've disabled that option but it still does it, so I'm unsure.

It's hard to diagnose because it's not every startup...
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Safari trying to access DNS addresses

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up