Why is my DNS setting changing overnight?

HunterBD wrote:

Would you care to repeat that on the BT Forum?

No. This one forum takes up too much of my time as it is.

Or may I reproduce it there for you?

I would appreciate it if you didn't. I am not an authority on these matters. Plus, I am not anonymous like most people on the forums. I've just spent an awful lot of money on business liability insurance. I need to start doing a better job of avoiding the kind of inflammatory statements that I made above.

https://community.bt.com/t5/Home-setup-Wi-Fi-network/Frustrating-DNS-situation/m -p/1827101#M150678

Other folk are now commenting there!

I really don't think there is any problem there. Your WiFi router is a DHCP server for any devices connected to it. A DHCP server will assign an IP address to its clients, give the clients its own IP address to use as a router so they can connect to the outside world, and it will give its clients a couple of DNS servers so that they can perform IP address lookups using names like "apple.com".

Years ago, it was common for internet routers to provide their own IP address as a DNS server. The router would then act as a caching DNS server, forwarding any requests back to the ISP's own DNS server. This is the way the DNS system was designed. However, it just didn't scale.

It turned out that ISPs weren't particularly good at managing DNS servers. Slow DNS lookups were a common problem a few years ago. Overriding one's ISP-provided DNS with servers from OpenDNS, and later Google's DNS, was a quick-and-easy fix.

Since then, it has become more and more common that ISP simply don't bother hassling their customers and just configure their routers to provide OpenDNS or, more likely, Google DNS. Google has proven quite clever about providing services that are so easy and high performance that they quickly become an internet infrastructure in their own right. This was not an accident or ISPs taking advantage of Google. This is by Google's design.

That is almost certainly what is happening in your case. Your ISP has simply configured your router to provide Google's DNS to your locally connected WiFi clients. If you read the instructions for all the other operating systems, they don't make any mention of any DNS addresses. They just say to make sure "Obtain DNS server address automatically" is selected. It is the same for macOS. They just never updated the web site for the Mac. You can tell how old that page is by looking that the included Mac screenshots. They date from Mountain Lion at least, if not long before. Again, that is typical for ISPs.

The 8.8.8.8 DNS address happens to be Google’s public DNS server, free for anyone to use. It sounds to me like there is something installed on your system that is changing your DNS settings to Google’s. Google’s DNS servers can collect your personal data by keeping track of everywhere you go on the Internet. Are you the only user of your system?

Hello HunterBD,

Always be suspicious of anything your ISP tells you. Their documentation, and equipment, is usually years out of date. The IP address of 192.168.1.254 would only be valid if your router itself is providing DNS. Often they do provide DNS. They will forward such DNS requests back to the ISP. But then, ISPs are usually years out of date. Their DNS servers are often particularly bad. Years ago, a standard fix for people complaining about slow internet was to use a publicly available DNS like OpenDNS. Now Google and some others provide free DNS. This means the ISP don't have to bother anymore. That's fine because they always did a bad job with it anyway. It is probably your own ISP that is changing your DNS to something more reliable. I wouldn't worry about it. If you want, you could use a different DNS like OpenDNS. In this age of security paranoia, there are many companies that sell VPNs and DNS access as a security measure.

HunterBD wrote:

Tell me, please - are you the author of EtreCheck? If so, we have been in email contact!

Yes. I am the developer of EtreCheck. I apologize if I don't recognize you. I'm not very good with names to begin with and internet forums don't help. It is really awkward when someone that I've known for years here in the forums sends me an e-mail and I have no idea who they are.

I'm not sure about your screenshots comment though. I'm using High Sierra and this is what I see!

I was referring to the visual style of the windows. That was the part you cropped out. Before Google Chrome, people used to call that the "chrome" - meaning pretty and flashy but with little functional value. Why Google chose to adopt that name I'll never know.

But on screenshots like that, you can tell from the appearance of the window control buttons in the upper left corner, and sometimes the toolbar colour, what version of macOS was used for the screenshots. The BT screenshots even lacked a padlock in the lower left corner. I only have VMs going back to 10.8, so I can't easily check to see when the padlock first appeared. But clearly, those are old screenshots. When they made those screenshots, the accompanying instructions were standard practice. In those days, they wanted to make sure people were using the DNS cache built into their routers instead of hitting the ISP's DNS with every request. But today, internet speeds are faster and Google has the capacity to handle all DNS requests, from everyone, so that is no longer an issue.

Also, years ago, it was common practice to override DNS settings to get better internet performance. That is rarely done anymore. Consequently, Apple probably isn't going to notice if those overrides aren't sticking like they used to. I don't know. I may be possible to fix that somehow. I can virtually guarantee that it won't be worth your time. All you would get for your trouble is slower and less reliable DNS lookups.

My understanding is which DNS setting your computer uses isn't of much consequence as long as it will connect (and stay connected) to the Internet.

As to why your is changing I wouldn't know.

So what made you suspect that it was this VPN doing the dirty deed?

If you think you might have a malware problem then you need to check for and remove it using either one of two excellent utilities, MalwareBytes or EtreCheck. My personal preference is MalwareBytes which does offer a free version to remove any malware.

Malwarebytes | Free Cyber Security & Anti-Malware Software

If you in fact do have malware hijacking your DNS it is highly unlikely it would be setting your DNS to Google’s public server instead of one that can grab your data and use it against you.