
DNS Leak Prevention Beta

  • 12 September 2023
  • 6 replies
  • 261 views
Userlevel 3
Badge +7

We are very pleased to announce the launch of the DNS Leak Prevention Beta. This is an opportunity for us to share with you the feature we are about to release, as well as to solicit feedback, both from a technical and functionality perspective.

 

Download the Beta Runner here.

Documentation available here.

 

What is DNS Leak Prevention?

 

This is a new patent pending feature of the Webroot DNS Protection product. It is designed to provide control of DNS by blocking all alternate DNS resources aside from those configured in Webroot DNS Protection. This is done by locking down port 53 TCP and UDP (DNS), port 853 TCP (DNS over TLS), and port 443 TCP to known DoH providers.

 

Why are we creating DNS Leak Prevention?

 

As Webroot DNS Protection is a DNS filtering product, if we are not filtering every DNS request, it means that things are being missed. For example, if a web browser were to be configured to get DNS resolution directly from its own server, and disregard what was configured on the operating system, not only would the DNS resolution not be filtered, it would not be controlled nor logged, and not be provided by an approved resolver.

 

How does DNS Leak Prevention work?

 

DNS Leak Prevention functions on the DNS Protection agent and provides Policy settings to selectively block communication on port 53 (DNS), port 853 (DoT), and port 443 (DoH).

 

What do I need to participate in the Beta?

 

You do not need to be a Webroot customer to access the Beta. However, you will need to establish a trial if you do not already have a DNS Protection license. More information on establishing a trial can be found in the documentation.

Once you have an active license of Webroot DNS Protection, you will need to download and install the Beta Runner. This is a fast and very lightweight mechanism that will both manage the install of the DNS Protection agent, as well as configure the DNS Leak Prevention settings (please note that the Beta Runner will no longer be needed once the feature is fully released).

 

How to Provide Feedback:

 

Inside the Beta Runner is a Feedback button. This will allow you to submit logs from the Beta as well as add comments. Please note that upon exit, the Beta Runner will also upload the logs that were generated while testing.

 

We look forward to your feedback and suggestions!

 

 

What Will Happen When the Beta Completes?

 

The installed Beta version of the DNS Protection agent will automatically update to the current production release. The setting controlled by the Beta Runner will no longer apply. If you no longer wish to run the DNS Protection agent after the Beta, it can be uninstalled through the Beta Runner or through Add/Remove Programs.

It is recommended to uninstall the Beta Runner after the Beta completes – although leaving it installed will not cause any issues.
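
The port rules described in the announcement above, written out as a flow-evaluation function (an added example, not part of the original post and not Webroot's code). The approved resolver address and the DoH provider list are constructed assumptions; the product's real lists are not given on the page.

```python
import ipaddress
from typing import NamedTuple

# Assumption: the resolver the policy approves. 192.0.2.53 is a documentation
# address used as a placeholder, not a real Webroot resolver.
APPROVED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}

# Assumption: a small sample of public resolvers that also answer DoH on 443.
KNOWN_DOH_PROVIDERS = {
    ipaddress.ip_address(a) for a in ("1.1.1.1", "8.8.8.8", "9.9.9.9")
}


class Flow(NamedTuple):
    proto: str  # "tcp" or "udp"
    dst: str    # destination IP address
    port: int   # destination port


def evaluate(flow):
    """Return (verdict, reason) for one outbound flow under the stated rules."""
    dst = ipaddress.ip_address(flow.dst)
    proto = flow.proto.lower()
    if flow.port == 53 and proto in ("tcp", "udp"):
        if dst in APPROVED_RESOLVERS:
            return ("allow", "DNS to approved resolver")
        return ("block", "plain DNS to unapproved resolver")
    if flow.port == 853 and proto == "tcp":
        if dst in APPROVED_RESOLVERS:
            return ("allow", "DoT to approved resolver")
        return ("block", "DoT to unapproved resolver")
    # Port 443 is blocked only for listed providers, so ordinary HTTPS works.
    if flow.port == 443 and proto == "tcp" and dst in KNOWN_DOH_PROVIDERS:
        return ("block", "DoH to known provider")
    return ("allow", "not covered by the DNS rules")


def leaks(flows):
    """Return (flow, reason) for every flow the policy would block."""
    results = ((f, evaluate(f)) for f in flows)
    return [(f, reason) for f, (verdict, reason) in results if verdict == "block"]


# Constructed sample flows, e.g. parsed from a firewall or EDR connection log.
SAMPLE_FLOWS = [
    Flow("udp", "192.0.2.53", 53),     # OS resolver configured by the agent
    Flow("udp", "8.8.8.8", 53),        # app with a hard-coded resolver
    Flow("tcp", "1.1.1.1", 853),       # DNS over TLS
    Flow("tcp", "9.9.9.9", 443),       # browser DoH
    Flow("tcp", "198.51.100.20", 443), # ordinary HTTPS site
]
```

Because a blocked flow is dropped rather than redirected, what the application does next (fall back to the OS resolver or show an error) is up to the application.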

 


6 replies

Userlevel 3
Badge +7

There is an opportunity for feedback provided in the Beta Runner. I will also be paying attention to this thread, so please add any suggestions, feedback or anything else I can help with here. Have fun everyone!  

Userlevel 7
Badge +33

Got this installed already. Kinda buggy, but seems to do the job. 

Does the Runner need to be left open or does it continue to run if I close the window?

 

John H

Userlevel 3
Badge +7

@jhartnerd123 - The Beta Runner does not need to be running for the DNS Leak Prevention functionality to persist. Of note, the DNS Protection Agent service defaults to manual in the beta, so if you want it to start up automatically upon reboot, you may want to toggle it to automatic.

 



Hopefully not too buggy even if it is a beta. Any quirks I should know about?

Userlevel 7
Badge +33

@JonathanB 
 

Agent v4.2.0.591 is the beta agent, correct?

That might almost be left to a day where we can chat over Teams/Zoom or a remote session.

What’s the expected behavior when, say, an app (say Firefox browser set to use DoH, or a VPN app that has a setting to use its own DNS) attempts to use its settings? Simply not function? Or will Leak Prevention/DNS Agent take over and perform resolution?

John H

Userlevel 3
Badge +7

Leak Prevention does not try to intercept 443, but rather blocks it, so this really depends on the application. For instance, Firefox has an option where if DoH does not resolve, it reverts back to your original DNS settings or stops resolving completely and displays an error.

Agent 4.2.0.591 is the current beta - noted in the Beta Runner but not called out in add/remove programs.

 

I am always available to chat and run through the functionality!
 

Userlevel 7
Badge +33

K, let’s set up a time in the near future to chat.

John H
