We are very pleased to announce the launch of the DNS Leak Prevention Beta. This is an opportunity for us to share with you the feature we are about to release, as well as to solicit feedback, both from a technical and functionality perspective.
Download the Beta Runner here.
Documentation available here.
What is DNS Leak Prevention?
This is a new patent-pending feature of the Webroot DNS Protection product. It is designed to provide control of DNS by blocking all alternate DNS resources aside from those configured in Webroot DNS Protection. This is done by locking down port 53 TCP and UDP (DNS), port 853 TCP (DNS over TLS), and port 443 TCP to known DNS over HTTPS (DoH) providers.
Why are we creating DNS Leak Prevention?
Webroot DNS Protection is a DNS filtering product, so any DNS request we do not filter is something that gets missed. For example, if a web browser were configured to get DNS resolution directly from its own server and to disregard what was configured on the operating system, that DNS resolution would not be filtered, controlled, or logged, and would not be provided by an approved resolver.
How does DNS Leak Prevention work?
DNS Leak Prevention functions on the DNS Protection agent and provides Policy settings to selectively block communication on port 53 (DNS), port 853 (DoT), and port 443 (DoH).
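The port-based policy described above can be sketched as a flow classifier. This is an added example, not Webroot's code: the resolver and DoH endpoint addresses, the Policy fields and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed values from documentation ranges, not real resolver addresses.
APPROVED_RESOLVERS = {ip_address("192.0.2.53")}
KNOWN_DOH_ENDPOINTS = {ip_address("198.51.100.10"), ip_address("2001:db8::10")}

@dataclass(frozen=True)
class Policy:  # hypothetical per-port toggles, mirroring the three settings
    block_dns: bool = True  # port 53, TCP and UDP
    block_dot: bool = True  # port 853, TCP
    block_doh: bool = True  # port 443, TCP, known DoH providers only

def leak_channel(proto, dst_ip, dst_port):
    """Name the alternate-DNS channel a flow uses, or None if it is not one."""
    dst = ip_address(dst_ip)
    proto = proto.lower()
    if dst in APPROVED_RESOLVERS:
        return None  # the configured resolver is never a leak
    if dst_port == 53 and proto in ("tcp", "udp"):
        return "dns"
    if dst_port == 853 and proto == "tcp":
        return "dot"
    # Port 443 carries ordinary HTTPS too, so only listed DoH endpoints match.
    if dst_port == 443 and proto == "tcp" and dst in KNOWN_DOH_ENDPOINTS:
        return "doh"
    return None

def verdict(flow, policy=Policy()):
    """Return 'block', 'leak-allowed' (channel matched, toggle off) or 'allow'."""
    channel = leak_channel(*flow)
    if channel is None:
        return "allow"
    return "block" if getattr(policy, f"block_{channel}") else "leak-allowed"

# Constructed outbound flows: (protocol, destination IP, destination port).
SAMPLE_FLOWS = [
    ("udp", "192.0.2.53", 53),      # configured resolver
    ("udp", "203.0.113.8", 53),     # alternate plain DNS
    ("tcp", "203.0.113.8", 853),    # DNS over TLS
    ("tcp", "198.51.100.10", 443),  # listed DoH endpoint
    ("tcp", "203.0.113.80", 443),   # ordinary HTTPS
    ("tcp", "2001:db8::10", 443),   # listed DoH endpoint over IPv6
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, verdict(flow))
```

The 'leak-allowed' verdict marks flows that match an alternate DNS channel while its toggle is off, which is the traffic worth logging when a policy blocks selectively.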
What do I need to participate in the Beta?
You do not need to be a Webroot customer to access the Beta. However, you will need to establish a trial if you do not already have a DNS Protection license. More information on establishing a trial can be found in the documentation.
Once you have an active license of Webroot DNS Protection, you will need to download and install the Beta Runner. This is a fast and very lightweight mechanism that will both manage the install of the DNS Protection agent and configure the DNS Leak Prevention settings (please note that the Beta Runner will no longer be needed once the feature is fully released).
How to Provide Feedback:
Inside the Beta Runner is a Feedback button. This will allow you to submit logs from the Beta as well as add comments. Please note that upon exit, the Beta Runner will also upload the logs that were generated while testing.
We look forward to your feedback and suggestions!
What will happen when the Beta completes?
The installed Beta version of the DNS Protection agent will automatically update to the current production release. The setting controlled by the Beta Runner will no longer apply. If you no longer wish to run the DNS Protection agent after the Beta, it can be uninstalled through the Beta Runner or through Add/Remove Programs.
It is recommended to uninstall the Beta Runner after the Beta completes – although leaving it installed will not cause any issues.