Sticky

Webroot DNS - How is it working for you?

  • 26 February 2019
  • 30 replies
  • 793 views


Show first post

30 replies

Userlevel 5
Badge +11
Hi Kiran,

When are Site Only Admins going to have the ability to manage DNS settings in the GSM? This is becoming a real hassle for our team.

Thanks,
Alex


Understand your concern Alex. We are looking at simplifying and modifying the Access control side of things.. I would like to hear about your specific requests, ie: As a Site Admin, what are all the DNS and SAT features are you interested in having WRITE ability on.

Thanks
-Kiran
Badge +1
Hi Kiran,

Thanks for the quick reply. Right now our biggest concern is that we cannot grant any access for site admins. In Co-IT environments we can't grant our customers the ability to control their own site for DNS. Not having control over their own environment is making their experience with Webroot very frustrating.

Regards,
Alex
Userlevel 1
Badge +7
I have only just started to roll this product out and I have not had good results so far. I have just had to roll it back from a site with 117 endpoints as it was changing the computers DNS to 127.0.0.1 and as such killing all internet connectivity. Given this is a 100% Citrix site that meant it killed productivity for the whole office. I read the forums and it was my interpretation that this particular issue was caused by the NIC not initialising before the DNS service started and that this was resolved months ago, I guess not.
I have a couple of other smaller sites that have not complained of this issue at all so for me it is a mixed bag. I am certainly putting my rollout of this on hold as I am not confident in the product as it stands. I have 158 sites in my GSM so I need to be confident in the product so I don't create a widespread negative impact.
AndrewHonestly our experience hasn't been great. We're an MSP and we're using this with the hope of having a managed DNS offering for our clients as we haven't used one up until now.

Since deploying we're having struggles with it. We have problems where techs go onsite to clients and can't get at the internet. Disbling Webroot DNS always solves the issue.

Another example is today, I updated my Windows 10 to the latest 1903 feature update and after rebooting, my machine would not connect to the internet or our domain. I have do disable Webroot DNS to get this to work again.

We're not having problems all the time but it's frequent enough that we're getting frustrated with the product.

We believe there may be times where we're in tightly secured areas and the custom ports Webroot requires are not open. In those situations, it reverts back to our previously set DNS which was from our internal network and won't work when at a different site. That seems to be a bad design. To me it should revert to Dynamic DNS and then prompt the user with a warning that they're not protected. I'm worried if we start deploying this to client machiness we're going to be getting a lot of clients complaining with issues.



Good to hear others are still facing similar issues with the DNS client. The site I manage sees this from time to time as-well across some of our machines. I also see this: The NIC reports no internet connectivity at times (yellow exclamation in taskbar :: 'No internet access' status) but yet there is actually Internet. (Can ping 1.1.1.1, ping google.ca, etc aswell as navigate to Internet based sites from the machine).

If I disable the agent or restart DNS by re-applying "Automatic DNS configuration" it seems to fix the issue (but not permanently).
Userlevel 1
Badge +7
Another issue to add:

End user will report that their PC is extremely slow. When the Task Manager is opened you can intermittently see WebRoot and the Windows Network Service killing the HD. It pins the usage at 100%.

Since it's a combination of the Network Service + WebRoot it has me thinking it must somehow be related to the WebRoot DNS implementation somehow.

If I modify my default policies to allow a manual shutdown of the WebRoot application and then tell them to refresh their configuration -- they report that shutting down WebRoot instantly solves the issue. (I've seen it myself too)

During these periods of slowness WebRoot is not scanning nor is the PC under any particular load.
Userlevel 1
Badge +7
Chiming in to add a solution for the issues in my last two posts. The following group policy change has *so far* (knocks on wood) solved all of my issues with the DNS client on the pilot PC's I've tested with.

It appears the issues all boiled back to a problem with the PC's not behaving correctly when the DNS settings are configured for the local loop back interface. From what I understand, this GP change enables/better facilitates handling DNS over the local loopback address. (127.0.0.1)

Note: You will need administrative rights.

Hit the Windows key on your keyboard, begin typing "Group Policy".

Select the following result:



Navigate through the GP tree as follows:

Computer Configuration
- Administrator Templates
-- Network
--- Network Connectivity Status Indicator

Change it from Not Configured (or Disabled) to Enabled.
Ensure the "Use global DNS" checkbox is also selected.

Apply and OK.

Reboot PC to ensure changes take effect.

Reply