Change to Dome Shield Licensing

Has anyone else received this email

We want to inform you of an upcoming Dome Shield subscription change that will be going live on October 31, 2018. We will be transforming your account to what will be called Dome Shield Gold. We will also have an upgraded option called Dome Shield Platinum.

Moving forward, starting on October 31, 2018, Dome Shield Gold will only allow 300,000 or less DNS requests each month. If you exceed 300,000 DNS requests a month, equivalent to about 10 users on average, you will need to upgrade to Dome Shield Platinum to access all features and add more users. If you exceed 300,000 DNS requests in a month and dont want to upgrade to Dome Shield Platinum, your current users will still be protected! However, you will only be able to edit the below features:

Edit existing profiles so current user profiles can still be adjusted if needed
View and use reporting dashboard
DNS traffic will still be protected with no interruption

Look out for another email from us on October 31, 2018 when the transformation goes live. If you have any questions about this change, you can email

So does this mean that after 300,000 dns requests filter will just stop?

hi @virtusit


Your protection and service will NOT stop. But you will only be able to edit your existing rules - which are created prior to exceeding the limit. In other words, you will not be able to create new ones until the months’ end but existing ones will NOT stop and you will be able to update and monitor existing ones with no interruptions.

I’ll wait to see the pricing on Dome Shield Platinum, but I want to say now that I think that 300,000 requests is too low given the number of requests made during a typical browsing session to ad domains, CDN servers, etc. I feel like around 800,000 would be more a more comfortable limit, or change this so that you can’t create new policies once the threshold has been reached but you can delete/add users since this could be a problem when onboarding a new client.

hi @Kristan ,

Thank you for your feedback. We appreciate it.

Mainly such recurring web browsing attempts are resolved via local cache until the TTL expires. Hence, the number given above will be mainly consumed by external first time web requests.

This being said, how many endpoints do you cover today and what would you say for a typical customer of yours ?

Hi @bulut ,

Sorry to interject, but I was just reading over the changes to the subscription and noticed that others had questions about it. I wanted to bring to your attention that a lot of people with smaller or distributed systems rely on roaming agents which saturate the dashboard stats with queries to dome shield. Will these be included in the 300,000 cap? See attached.

It’s a little bit of a bummer about the licensing change. We were charging and bidding without adding fees for basic dome functionality, as we thought it best to pay forward our savings to our customers. I am familiar with the no free lunch adage, but I thought that it was part of the Comodo culture. This move makes me wonder if endpoint manager will someday have a free license device ceiling…

Anyway, Thanks for taking the time to answer our questions about this change!



ITarian is Free.
Comodo cybersecurity: some things are free some are paid.
We do our best to give as much as possible free, but our kids get hungry too :slight_smile:

@melih ,
My point was polite but stands; right now AEP basic for C1 is free, and dome secure web gateway is free. Is there any way I can get myself informed of these emerging changes prior to the email which was sent out the other week? Is there maybe something like a product licensing roadmap which I could ask someone about?

Also, I still have a question about whether or not the Dome shield agents’ recursive queries to dome.C1 count against the total query ceiling. Please see my comment above with the attachment.

Thanks again for your time and patience with us! Have a wonderful evening!



Funny how its always free until it’s not free any more… It would be nice to get a warning rather than… hey you’re going to have to pay for this now.
I really liked the idea of the dome shield, but the high traffic on agents for roaming used will chew up the limit quicky…

Hi nadmin,

300K limit will mainly be consumed by external first time web requests since recurring web requests will be returned by local cache until TTL expires. I see your point with Roaming Agents, but Dome Shield Roaming Agent’s recursive requests to Dome Shield Portal will be in limited numbers in 300K cap.

Please know that we have come up with these packaging policy after carefully considering all parties and their needs. Dome Shield is now quite saturated in feature-set and we have been working hard both for infrastructure and front-end stuff to make Dome Shield experience even better and will keep doing so.

Please also let me state that 300K limit will be a monthly thing, will be set to 0 (zero) at the beginning of each month so that this would be a soft transition for our users.

I hope I could answer your question you stated above and also some that may be in your head.


Hi Virtuist,

300K will mainly be consumed by external first time web requests and Roaming Agent’s recursive queries to Shield Portal will be limited in this cap. We have been sending out emails and posting notifications in Shield Portal to inform our users about the upcoming change and please also let me state that we have come up with this packaging after carefully considering all parties and their needs.


Hi @bulut and @Nevzat_Huruzoglu ,

Thanks for the information. Some of what I was going to point out has already been covered, but to answer your question we currently are serving 12 endpoints with more being added and we are still in the “beta” phase; we serve both residential and small business and with most of our current customers owning laptops the roaming agent would be installed on 80%. I understand that the queries are cached but in my opinion, two changes could be made to improve this implementation:

  • Hits to Comodo or ITarian domains (such as should not be included in the cap statistics or limits since this is done by the software itself and not by the user.
  • The number of queries should be raised to a minimum of 500,000/month
Just my thoughts on the matter, as we haven't decided 100% to deploy Dome Shield until seeing how this updated licensing works in our environment,


Most important point is, your traffic will not be stopped, all your existing policies will keep on working even if you exceed your monthly limit. You will still be able to edit your existing rules, keep on getting visibility, but once limit is exceeded you will not be able to create new objects or add new policies for that month.

Next month, the counter will start from scratch. The limits are set for monthly basis, so if the limit is reached, creating new objects and policies will be blocked for that month which you have passed the limit within…

@Kristan ,

Thank you for your feedback!

All points noted. Also requests made to our operational services are not counted within 300K limit.

That’s one of the reasons why its important to separate IT management from security. Because we give IT management for free people assume security should be free too. The alternative to dome shield is cisco umbrella that charges over $36 per user per year. Not only are we offering free version for low volume users we are also making, a service that I believe to be much better than Cisco’s version for much cheaper.

Have you tested the 300K limit on your users? How many triggered it?

We have no way of telling currently as we have no accurate indication of what is in the cap and what is not… I.e Some clients have a lot of machines, but not much browsing. However there are a lot of calls to comodo sites by itsm.

I always thought venture capitalists brought/started companies to make money, how will a business that does not charge for its core product make money to cover the costs of development…

@Kristan ,

Thank you for these points. I agree that they should be addressed. Our market reach with these services is still so minimal that I don’t have any good data on the impact of the softlimit as it’s set now, but I agree that the query accounting system needs to be fixed before they use it to license their platform. The screenshot which I attached above was from three minimal-use workstations at a local transmission shop owned by a friend; I could see someone who uses a few more roaming agents running into that softlimit much quicker.

@bulut , @melih , and @Nevzat_Huruzoglu,

We appreciate you taking the time to address these platform concerns while you restructure the Dome licensing. I will avoid getting into the other web gateway methods, companies, or licensing models because that is not the spirit in which the initial query was raised. Will this thread be updated if changes are made to remediate the aforementioned concern regarding the accounting of comodo service lookups with roaming agents? Thanks again for your time and patience.



As mentioned many times previously, IT management will be free and it will make money from its marketplace.
Cybersecurity is NOT free, but has free components. You see another reason why having two different brands with ITarian the confusion will be avoided…ITarian free…cybersecurity is not.


Service lookups to our services will not be counted within 300K limit. In other words, requests made to our services will not consume that limit.

Moreover, it’s in our roadmap to introduce the reporting 2.0 and other than many improvements we will make such as new interface, visibility widgets and contextual monitoring, we will also be handling internal service queries -the lookups you mention- separately to avoid such ambiguity.

I just want to confirm while we’re discussing this, will lookups to ITSM / Endpoint Manager / RMM (e.g also be excluded?

they should be excluded… Bulut please make sure…its unfair to include them.