Announcement

Collapse
No announcement yet.

Sites broken when using Dome

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sites broken when using Dome

    I am currently testing out dome at home as a parental control solution.

    I have been having a few issues with websites not displaying properly, the issues looks like like they are not processing CSS.
    if I switch DNS to google dns, then the same sites display just fine, so it seems to be DOME DNS is the cause.

    I am also getting my family often complaining of slow internet access, but I do not experience this as I am using Google DNS.

    Anyone aware of such an issue?



  • #2
    Dome sometimes suffers issues with speed on DNS resolution. Best thing to do is contact Support (domesupport@comodo.com) with you location and that things are going slow and they will work out which nodes your using and solve the issue.

    The websites not displaying correctly will more that likely be due to CDN of the website being blocked.

    We have added the most well known CDN systems to our whitelisted and this solves all the issues of pages displaying wrong.
    Robin
    Director
    Strobe Technologies Ltd
    https://www.strobe-it.co.uk/

    Comment


    • #3
      The thing is that broken site issue seems to be quite random. The same site would have been working fine a couple of days beforehand.

      Comment


      • #4
        They could have added a CDN to the list due to a bad site or maybe you are blocking something that is related to a CDN.

        If you look in the blocked logs it will show you that is more than likely a CSS file on a CDN
        Robin
        Director
        Strobe Technologies Ltd
        https://www.strobe-it.co.uk/

        Comment


        • #5
          Good to know. I'm going to be testing this program this coming week.

          Comment


          • #6
            As StrobeTech said it might be related with miscategorized CDN. Please send the list of the sites to domesupport@comodo.com with either some screenshots (better wit Developer tools Network tab ) or HAR file https://support.zendesk.com/hc/en-us...roubleshooting. We can identify and resolve the problem quickly.

            Regarding the slowness, we are improving us a lot. As you can see https://www.dnsperf.com/#!dns-resolvers,North%20America (Shield is shown as NuSEC there) the response time is now much better than Google DNS. Time to time due to DDOS, server problems or maintenance, some regions might feel performance drops but it should be temporary.

            Comment


            • #7
              ok it is the CDN that is the cause, however not because it is being blocked, but because it is causing an SSL error, which stop the resources from being loaded by the site.
              example: just-eat.co.uk

              Here is a screesnhot, showing the error that comes from one of the CDN resources
              https://shots.screenr.co/screenr.html?id=YHJyO9383hle

              When checking the SSL cert, the original SSL cert is being replaced by a comodo certificate, which is causing the error.

              Comment


              • #8
                Have you deployed the SSL of Dome to all your devices??

                Doing this should solve the issue.

                There is a script for this, but I cannot remember off the top of my head which one works as there are two of them for this.

                ozermetin can you let us know which script installs the Comodo SSL to solve this?
                Robin
                Director
                Strobe Technologies Ltd
                https://www.strobe-it.co.uk/

                Comment


                • #9
                  yes that is because the site has served the content via https and since we are redirecting it to the block page, it reject our MITM certificate.
                  normally the agents installs the cert automatically. If you want to download the cert it is under block pages. If you are using ITSM
                  there is predefined procedure to install the cert to the agents. I have attached the screenshots here


                  Comment


                  • #10
                    ozermetin ,

                    Is this the same? https://scripts.itarian.com/frontend...horities-store

                    Comment


                    • #11
                      Originally posted by Jimmy View Post
                      yes the same

                      Comment


                      • #12
                        Thanks for the info.... Shame that support did not know this was required, despite me sending a screencast and telling them 5-6 times that the cause was the ssl cert.

                        Comment


                        • #13
                          ozermetin you should update the dome setup guide, which is what I followed, as it does not mention having to install this root certificate.

                          Comment

                          Working...
                          X