We have Dome Shield Platinum. Originally we wanted to used Dome Shield with the Roaming Agent. This was how our old (Webroot) system worked with DNS. After installing the remote agent on many different endpoints we have seen many different issues with internal connectivity. All of our internal servers have been added to the host file under the network settings. Just this morning I had an executive that could not print because the printer said access denied. I removed the remote agent and printing worked again. I have also seen network share’s randomly get disconnected, and server based software fail because it said the server is unreachable. The way I have fixed these issues is to stop and restart the cShield service on the endpoint.
In an effort to remedy these issues, we setup a Local Resolver. The instructions say to set the DNS of the client machine to the IP of the Resolver. I am looking for a way to keep the endpoint settings set to the default settings of automatically getting the settings from the DHCP server.
What will happen if I set the DNS server at the domain DHCP settings to be the Resolver and NOT the normal internal DNS server? I am concerned that by doing this I will lose internal connectivity like I have been with using the remote agent.
In our environment I need to be able to set Dome Shield Policies individually by end points. I thought that using the remote agent would allow for this, but the internal connectivity issues have been getting worse.
We are saddened to hear of your reported issue. We have immediately created a support ticket to have our support teams assist you further. Please check your forum registered email at your convenience
You need to setup Local Resolver to forward local queries to your existing local dns. This could be done by putting local DNS addresses to Shield Local Resolver. Next you gotta set Shield Local Resolver address as the DNS server on your machines - you can do it by DHCP as you said. Then any local query or the domains you put in to configuration through the UI will be sent to your Local DNS, else will be queried via Shield DNS.
This should solve your problem.
If you still have agent on the machines you can either remove them or go to Network, find related IP address and select “Disable if Behind Network”.
Thank you for the responses. I spoke to John at Comodo Support. He answered my questions. I have now setup a Local Resolver and set my dhcp server to point to the resolver ip as the DNS server. Dome shield is now working much better.