Dome Shield 1.16 Released!

We are happy to announce the global availability of Dome Shield 1.16 .

All previous versions are updated to the latest version with no issues and service interruptions.

This one is BIG!!

What’s New ?

  • Local DNS Resolver(Sites & Virtual Appliances): Introducing Local DNS Resolver Virtual Appliances! This is a VA that can be used for encrypting your DNS traffic end-to-end till it reaches to our Secure DNS infrastructure. On top of stopping preying eyes on your DNS traffic, it gives you the ability of creating internal IP based rules and reports. You can simply install Local Resolver Virtual Appliances in Active-Active mode to VMWware/Virtualbox or Hyper-V systems, and set them as your Primary and Secondary DNS Servers. Local Resolvers forward internal DNS queries to your existing internal DNS servers/internal domains and forwards external DNS queries to our Secure DNS infrastructure over a secure DNSCrypt tunnel. Configure > Go to Sites & Virtual Appliances > How to Deploy VAs for more information.
  • Internal IP Based Rules and Reports: By using Local Resolvers, you can create rules for your internal IP/Subnets! Making Dome Shield's rule management more granular, you can even observe every single PC via Reporting over the cloud.
  • Internal Domain Bypass: Previously, using Dome Shield with Active Directory managed domains or networks with local servers was hard. Now you can simply add them to your internal domain bypass list and Local DNS Resolver can forward such DNS traffic to your internal DNS servers which can resolve your internal domains, making Shield adapt to your network seamlessly.
  • Site Management: You can manage your DNS Egress points separately by installing different Local DNS Resolvers to your different sites. It makes it possible to manage different Sites of your customers per their DNS traffic and rules from a single-pane-of-glass.
  • Block All Domains: This was a major request coming from our MSPs, where syadmins wanted to only allow only a couple of domains and block everything else. Now, you can do this with a single click.
  • False Positive Management: Dome Shield 1.16 offers a new tool called “Domain Classification Requests” on Policy screen, without having to leave the portal, you can simply learn the categories of domains, propose new categories and then automatically blacklist and whitelist them if you wish. All the reports and b/wlists gets updated according to your requests and we re-analyze all proposals in 48 hours which you can observe from the same menu.
  • New DNS Nodes: We have added new POPs to France and Germany. Moreover, we have updated all our existing nodes in USA and Europe for providing lower latency and higher uptime.

How Local DNS Resolver VAs will fit to your existing network:

What’s Coming Next ?

  • Roaming Agent for MAC: A new agent will be provided for MAC Agents, with same capabilities of existing Windows Roaming Agent. This will give our users the ability of securing and applying content filtering rules to Roaming MAC Computers.
  • Active Directory Integration: Creating and managing user/group/department based domain filtering and security rules of Dome Shield will be possible. Moreover, it will give our users the ability of getting user/group/department based Reports.
We are looking forward to hearing your thoughts! And, don't forget to change your DNS to Dome Shield, it's FREE!

Excellent work guys!

Going to enjoy testing this…

nice work.

Is it possible to get an ETA on the following. Have a large school looking at us for potential MSSP Services, and this could be the game changer due to the cost savings against Smoothwall

Active Directory Integration: Creating and managing user/group/department based domain filtering and security rules of Dome Shield will be possible. Moreover, it will give our users the ability of getting user/group/department based Reports.

@curatrix_pl ,

Projected Timeline Release is August this quarter.

Good job Comodo Team!

SO some feed back.

1, Under Hyper-V you need to use the arrow buttons to navigate the menu. Not sure if this is in the how to.
2, surly this can auto login no need for credentials…
3, i have an existing police can i just add the site or networks in there?
4 do i add the site and OR the networks?
5 do i now change DHCP to point to the new Vms, so currently the DC is DNS 16.6. do i now remove 16.6 and add 16.251 and 16.252?
i guess ALL DNS goes via the new VM’s then it routes to the local dns if internal then out if external? are DNS forwarders needed any more? as i expect ALL external DNS will now be routed directly via the new VMS??

Cheers Guys.

Hello @dittoit,

We have forwarded your feedback to our product team we will get back to you as soon as possible. We will also update you through email.

hi dittoit,

1.After the installation is complete, you will see a configuration screen like this in your hypervisor:

You can use keyboard arrow keys to navigate between input fields.

3. You can add Sites, Internal IPs/Subnets i.e the new objects into existing policies or you can create new ones.

4.Both are possible. In more detail: Networks are created inside of Sites, thus you can either create rules that would apply to entire Site or you can select specific networks created under sites. e.g: Your company has 2 sites; the HQ and the Branch. HQ has following 2 subnets and . Branch has 2 subnets different than the ones in HQ. So, if you have 2 separate egress points of DNS, you should install 2 different sets of Local Resolvers, but if the Branch and HQ is connected via VPN and using the same egress point where there is no overlap in subnets you can use same Local Resolver for all… Cont’d: If you select a rule to be applied to HQ, all subnets behind will be applied with that rule of your choice. But there is following rule precedence:

Roaming Agent > Internal IP/Subnet > Site > Location

So, if you create a rule like following: Allow News Categories for , Block News Categories for HQ; will be able to access News Categories but nobody else will be able to access the same category in Site HQ.

5. Assuming you install 2 VMs for High Availability reasons, you need to set VM1 as your Primary DNS and VM2 as your Secondary DNS. After you add Local DNS IPs into above configuration screen of you Local Resolver, all internal queries will be forwarded to those local DNS servers and rest will go over DNScrypt to our Secure DNS infrastructure. If you want to add specific domains, which you need to be forwarded to your Local DNS, you can do it over “Internal Domains” menu in Shield Portal.

I hope above information answers your questions.