Skip to main content
To Customer Support To Customer Support

The feedback we received from the previous beta was foundational to its success – to the extent that we did not receive one bug complaint or call to Support indicating a problem!! This community is truly awesome! – Thank you!

Further feedback mentioned that the previous beta was challenging to participate in as you needed either a trial of DNS Protection or an active Webroot Management Console. We hear you! With this next beta, this time, no Keycode will be required! Simply download and use the Beta Runner! However, if you prefer to use a Keycode you already have, it can be specified.

Why a second beta?

No software should ever stand still, it must evolve and progress! The second release of DNS Leak Prevention has some awesome new features that further augment Leak Prevention; namely, we have added the ability to dynamically detect DoH servers! Whereas previously we leveraged BrightCloud to provide an up-to-date list, now that is just the foundation to build on - now new DoH servers are detected and blocked automatically! (Yes, another patent in the works)

To demonstrate this, the new Beta Runner automatically displays each DNS server detection and shows the block right in the GUI. You will be amazed at just how many DNS requests try to sneak by!

 

Download the Beta Runner version II  

 

By participating in the beta, you are agreeing to the Webroot Terms and Conditions available here

 

 

 

 

FAQ

 

What is DNS Leak Prevention?

 This is a new patented (granted September 5th, 2023) feature of the Webroot DNS Protection product. It is designed to provide control of DNS by blocking all alternate DNS sources aside from those configured in Webroot DNS Protection. This is done by locking down port 53 TCP and UDP (DNS), port 853 TCP (DNS over TLS), and port 443 TCP to DoH providers.

 

Why are we creating DNS Leak Prevention?

As Webroot DNS Protection is a DNS filtering product, if we are not filtering every DNS request, it means that things are being missed. For example, if a web browser were to be configured to get DNS resolution directly from its own server, and disregard what was configured on the operating system, not only would the DNS resolution not be filtered, it would not be controlled nor logged, and not be provided by an approved resolver.

 

How does DNS Leak Prevention work?

DNS Leak Prevention functions on the DNS Protection agent and provides Policy settings to selectively block communication on port 53 (DNS), port 853 (DoT), and port 443 (DoH).

 

What do I need to participate in the Beta?

You no longer need a license to test the beta – just download the Beta Runner and you are all set!

Note that a default DNS Filtering policy is applied to beta installs. As you might imagine, DNS Leak Prevention is also turned on by default.

 

Is there a Mac agent?

The current plan is for a Mac agent to go into beta on September! As soon as it is available, it will be posted on the community!

 

How to Provide Feedback:

Inside the Beta Runner is a Feedback button. This will allow you to submit logs from the Beta as well as add comments. Please note that the Beta Runner will also upload the logs that were generated while testing.

We look forward to your feedback and suggestions!

 

What Happens when I hit Test?

In order to test the dynamic DoH detection functionality, the test button allows you to either specify a specific an IP or domain to test, or alternately, you can select from 3 known DoH providers. Test will also clear all previous DoH detections so testing can yield results.

 

What will Happen when the Beta Completes?

All agent installations will be pushed an uninstall command, and the beta should uninstall. Additionally, the beta Site associated with the Keycode will be turned off. Any new agents or existing agents that did not uninstall, will no longer intercept DNS requests nor will they provide Leak Prevention. We recommend uninstalling any beta that was not automatically cleaned up.

If you are using a Keycode for a Site you own, the installed beta version of the DNS Protection agent will automatically update to the current production release. If you no longer wish to run the DNS Protection agent after the Beta, it can be uninstalled through the Beta Runner or through Add/Remove Programs.

It is recommended to uninstall the Beta Runner after the Beta completes as it will not be uninstalled automatically – although leaving it installed will not cause any issues.

 

Thank you

Jonathan Barnett 

Lead Product Manager, Webroot DNS Protection

This is AWESOME @JonathanB 

Would love to chat and see this in action

John H

@jhartnerd123 - absolutely!! Definitely looking forward to your feedback!

Hello @JonathanB 

 

I did ask before but can consumers use this product or is it only for Business users? Would consumers have a need for it and would it slow down a fast connection?

 

Thanks,

Not sure?

 

 

 

 

 

23516    2024-08-26 23:31:14Z    INFO    Prevented 1 DNS leaks:
23516    2024-08-26 23:31:14Z    INFO        address=8.8.8.8, port=443, count=1

 

 

 

 

 

 

 

@TripleHelix 

Looks like you are on your way.  :-)

I won’t be far behind bud. I absolutely have a passion for this product and @JonathanB knows that. HAHA. 

I just become impatient that things don’t happen fast enough

Hello @JonathanB 

 

I did ask before but can consumers use this product or is it only for Business users? Would consumers have a need for it and would it slow down a fast connection?

 

Thanks,

The beta can be used by anyone. At this time, it really is a business product - although the filtering is easy to setup and apply so I could see this being viable for consumers if we packaged it in a simple way. The Policy applied for filtering does block security risks. Let me know how the beta works for you and I can pass feedback to our consumer team. 

@TripleHelix

Looks like you are on your way.  :-)

I won’t be far behind bud. I absolutely have a passion for this product and @JonathanB knows that. HAHA. 

I just become impatient that things don’t happen fast enough

I am amazed you haven’t set it up yet 😄

Hello @JonathanB 

 

I did ask before but can consumers use this product or is it only for Business users? Would consumers have a need for it and would it slow down a fast connection?

 

Thanks,

The beta can be used by anyone. At this time, it really is a business product - although the filtering is easy to setup and apply so I could see this being viable for consumers if we packaged it in a simple way. The Policy applied for filtering does block security risks. Let me know how the beta works for you and I can pass feedback to our consumer team. 

Sure thing!

Hi @JonathanB 

 

All mine does now as it keeps saying Loading and nothing else and I tried rebooting what do you say about reinstalling it?

 

Thanks,

Okay had to uninstall both parts and reinstalled and working again for now.

 

Click on pictures to see full size!

 

 

 

Okay had to uninstall both parts and reinstalled and working again for now.

 

Click on pictures to see full size!

 

 

 

 

Interesting - the status is dependent on whether the DNS agent has set loopback for the DNS settings. (DNS settings should be 127.0.0.1 and ::1). If the agent is having trouble communicating with the DNS Protection servers, then it may not set. That or the Service “Webroot DNS Protection Agent” failed to start. Let me know if you see the issue again and we can take a quick look at the logs. 

So far, all is working perfectly. @JonathanB 

 

Tested with two hotspots on my travels, and works seamlessly through my travel router and with VPN’s.  

Memory usage of the new DnsProxySrv.exe service is only very slightly higher (maybe a meg or two), so that’s very reasonable.

And the service so far, hasn’t died on me when going in and out of sleep/hibernate etc… 

How do you test it on the Web? Do you have any URL's?

You can simply try and set Firfox DoH settings to Max Secure and try using one of the providers listed and you won’t be able to surf to a site. 

You can also test something like cleanbrowsing. Go to the test button and put in the domain:

doh.cleanbrowsing.org

and run the test. That will also be blocked. 

You can simply try and set Firfox DoH settings to Max Secure and try using one of the providers listed and you won’t be able to surf to a site. 

You can also test something like cleanbrowsing. Go to the test button and put in the domain:

doh.cleanbrowsing.org

and run the test. That will also be blocked. 

Thanks Buddy!

 

 

 

 

 

 

 

Reply


Terms & Conditions