Firewall shows firefox with UDP connection to 208.67.222.222 but not netstat

I’ve noticed that comodo firewall shows firefox.exe with an active connection to 208.67.222.222:53 -

Protocol - UDP OUT
Source - 192.168.1.2:52521
Destination - 208.67.222.222:53

Now I know 208.67.222.222 is OpenDNS but I don’t use openDNS so why is firefox connecting to it?

It doesn’t connect for every site I visit but reliable connects when I visit google.

I’ve scanned with spybot S&D, Malewarebytes Antimalware and avira antivirus and come up clean.

My computer is connected to a router so the computers DNS server is set to 192.168.1.1 the router is set to get DNS server addresses automatically current set to 194.168.4.100 & 194.168.8.100 the correct virginmedia dns servers.

Netstat results when visiting google.co.uk in firefox -

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:44110 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 127.0.0.1:44080 127.0.0.1:49739 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49741 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49811 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49833 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49835 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49837 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49839 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49853 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49855 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49863 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49865 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49867 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49869 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49871 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49873 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49875 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49877 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49879 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49881 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49885 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49887 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49889 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49891 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49893 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49895 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49901 TIME_WAIT
TCP 127.0.0.1:44080 127.0.0.1:49903 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49905 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49907 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49909 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49911 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49913 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49919 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49921 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49923 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49925 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49927 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49929 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49931 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49933 FIN_WAIT_2
TCP 127.0.0.1:44080 127.0.0.1:49935 ESTABLISHED
TCP 127.0.0.1:44080 127.0.0.1:49937 ESTABLISHED
TCP 127.0.0.1:49703 127.0.0.1:49704 ESTABLISHED
TCP 127.0.0.1:49704 127.0.0.1:49703 ESTABLISHED
TCP 127.0.0.1:49705 127.0.0.1:49706 ESTABLISHED
TCP 127.0.0.1:49706 127.0.0.1:49705 ESTABLISHED
TCP 127.0.0.1:49739 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49741 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49793 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49795 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49797 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49801 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49805 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49809 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49811 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49817 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49819 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49821 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49823 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49825 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49827 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49829 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49831 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49841 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49843 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49845 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49849 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49851 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49863 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49879 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49883 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49885 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49887 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49889 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49891 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49893 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49895 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49897 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49899 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49903 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49905 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49907 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49909 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49911 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49913 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49915 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49917 127.0.0.1:44080 TIME_WAIT
TCP 127.0.0.1:49919 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49921 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49923 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49925 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49927 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49929 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49931 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49933 127.0.0.1:44080 CLOSE_WAIT
TCP 127.0.0.1:49935 127.0.0.1:44080 ESTABLISHED
TCP 127.0.0.1:49937 127.0.0.1:44080 ESTABLISHED
TCP 192.168.1.2:49740 66.102.9.103:80 ESTABLISHED
TCP 192.168.1.2:49742 66.102.9.103:80 ESTABLISHED
TCP 192.168.1.2:49794 74.125.79.100:80 TIME_WAIT
TCP 192.168.1.2:49796 74.125.79.100:80 TIME_WAIT
TCP 192.168.1.2:49798 74.125.79.100:80 TIME_WAIT
TCP 192.168.1.2:49802 74.125.79.100:80 TIME_WAIT
TCP 192.168.1.2:49804 74.125.79.190:443 TIME_WAIT
TCP 192.168.1.2:49806 74.125.79.101:80 TIME_WAIT
TCP 192.168.1.2:49810 66.102.9.103:80 TIME_WAIT
TCP 192.168.1.2:49812 66.102.9.100:80 ESTABLISHED
TCP 192.168.1.2:49818 98.124.249.20:80 TIME_WAIT
TCP 192.168.1.2:49820 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49822 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49824 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49826 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49828 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49830 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49832 88.221.88.25:80 TIME_WAIT
TCP 192.168.1.2:49842 88.221.88.73:80 TIME_WAIT
TCP 192.168.1.2:49844 88.221.88.73:80 TIME_WAIT
TCP 192.168.1.2:49846 88.221.88.73:80 TIME_WAIT
TCP 192.168.1.2:49850 88.221.88.73:80 TIME_WAIT
TCP 192.168.1.2:49852 88.221.88.73:80 TIME_WAIT
TCP 192.168.1.2:49860 209.85.229.102:80 TIME_WAIT
TCP 192.168.1.2:49862 209.85.229.102:80 TIME_WAIT
TCP 192.168.1.2:49864 66.102.9.104:80 ESTABLISHED
TCP 192.168.1.2:49880 66.102.13.118:80 ESTABLISHED
TCP 192.168.1.2:49884 195.93.80.36:80 TIME_WAIT
TCP 192.168.1.2:49886 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49888 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49890 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49892 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49894 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49896 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49898 77.67.21.41:80 TIME_WAIT
TCP 192.168.1.2:49900 77.67.21.41:80 TIME_WAIT
TCP 192.168.1.2:49904 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49906 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49908 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49910 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49912 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49914 77.67.21.169:80 ESTABLISHED
TCP 192.168.1.2:49916 64.12.79.143:80 TIME_WAIT
TCP 192.168.1.2:49918 195.93.80.36:80 TIME_WAIT
TCP 192.168.1.2:49920 74.207.228.165:80 ESTABLISHED
TCP 192.168.1.2:49922 74.207.228.165:80 ESTABLISHED
TCP 192.168.1.2:49924 74.207.228.165:80 ESTABLISHED
TCP 192.168.1.2:49926 74.207.228.165:80 ESTABLISHED
TCP 192.168.1.2:49928 66.102.9.104:80 ESTABLISHED
TCP 192.168.1.2:49930 74.207.228.165:80 ESTABLISHED
TCP 192.168.1.2:49932 74.207.228.165:80 ESTABLISHED
TCP 192.168.1.2:49936 66.102.9.100:80 ESTABLISHED
TCP 192.168.1.2:49938 91.198.174.232:80 ESTABLISHED
TCP [::]:135 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49156 [::]:0 LISTENING
UDP 0.0.0.0:500 :
UDP 0.0.0.0:3702 :
UDP 0.0.0.0:3702 :
UDP 0.0.0.0:3702 :
UDP 0.0.0.0:3702 :
UDP 0.0.0.0:4500 :
UDP 0.0.0.0:5355 :
UDP 0.0.0.0:51151 :
UDP 0.0.0.0:55897 :
UDP 0.0.0.0:60157 :
UDP 127.0.0.1:56415 :
UDP [::]:500 :
UDP [::]:3702 :
UDP [::]:3702 :
UDP [::]:3702 :
UDP [::]:3702 :
UDP [::]:4500 :
UDP [::]:51152 :
UDP [::]:55898 :

Welcome to the forums. :slight_smile:

192.168.1.1 is your default gateway (the IP of your router that your network devices see), not your DNS server.

I found this on Wikipedia. Apparently, Google uses OpenDNS, so it sometimes redirects to their servers.

While the OpenDNS name resolution service is free, people have complained about how the service handles failed requests. If a domain cannot be found, the service redirects users to a search page with search results and advertising provided by Yahoo!. A DNS user can switch this off via the OpenDNS Control Panel but will lose content filtering ability. This behavior is similar to that of many large ISP's who also redirect failed requests to their own servers containing advertising. [16]

In 2007, David Ulevitch explained that in response to Dell installing “Browser Address Error Redirector” software on their PCs, OpenDNS started resolving requests to Google.com. Some of the traffic is handled by OpenDNS typo-correcting service which corrects mistyped addresses and redirects keyword addresses to OpenDNS’s search page, while the rest is transparently passed through to the intended recipient.[17]

Also, a user’s search request from the address bar of a browser that is configured to use the Google search engine (with a certain parameter configured) may be covertly redirected to a server owned by OpenDNS without the user’s consent (but within the OpenDNS Terms of Service).[18] Users can disable this behavior by logging in to their OpenDNS account and unchecking “OpenDNS proxy” option.[19] Additionally, Mozilla users can fix this problem by installing an extension[20] or by simply changing or removing the navclient sourceid from their keyword search URLs.

This redirection breaks some non-web applications which rely on getting an NXDOMAIN for non-existent domains, such as e-mail spam filtering, or VPN access where the private network’s nameservers are consulted only when the public ones fail to resolve.