Allow DNS port 53?

I see that every application in the Application Monitor has UDP outbound entries for port 53. I understand that port 53 is for looking up IP addresses in the DNS. To remove this useless litter from the application monitor, does it make sense to construct a rule allowing all app access to port 53? If so, how do I go about doing this?

I don’t think this will work, as you cannot enter wild cards in the Application Monitor (since you want it to fire for every application). So, you’d be forced to put it in the Network Monitor… but that will not stop CFP's Application Monitor from prompting for each application's DNS attempt, as for outbound packets the Application Monitor fires first and the Network Monitor fires last. Looks like a Wish List item to me.

That seems backward if correct. The network monitor should fire first, THEN the application monitor!

I have created a couple of rules to bypass DNS lookups and will see what happens.

You are apparently correct. I created 2 rules to allow all IP access through the DNS port (53) to the DNS servers I am using. I moved these 2 rules to the top of the network monitoring rules so they are processed first.

But I am still getting a security alert pop-up when a new application tries to go out to the DNS port and DNS server. The network rule SHOULD prevent this.

I consider this to be a serious bug and, to the best of my knowledge, it is completely the opposite of the way all other firewalls work. With this backward logic, every single application would have to be individually identified. It just doesn’t make any logical sense. No experienced programmer would design an application this way. There is something that we must be missing. I will see what support has to say about this.

OK, I did some more work on this. You are incorrect about processing order. Network rules ARE processed first. However, network rules only matter where they are BLOCKING something. Anything allowed through then has the chance to get processed by the Application Monitor.

The problem here, as you note, is that there is no way to make an all-inclusive specification for all (or a group) of applications because Comodo does not support wild cards (like ., ? and #). Comodo wants one specific application to be named.

This design limitation (bug?) makes it impossible to reasonably control anything other than single applications.
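To make the processing order described in the last post concrete, here is a small model of the two-stage outbound check as the thread describes it: the Network Monitor runs first and its first matching rule decides, but an "allow" only hands the packet on to the Application Monitor, which looks up the exact executable name (no wildcards) and prompts for anything it has not seen. This is an added illustration written for this page, not Comodo's code or an exact reproduction of CFP's engine; the rule set, the executable names, the catch-all final block rule and the resolver address 192.0.2.53 (a documentation-range address) are all constructed assumptions.

```python
"""Model of the outbound filtering order described in the thread:
Network Monitor first (first matching rule wins, but an "allow" only lets
the packet proceed), then Application Monitor, which needs a rule naming the
exact executable and otherwise prompts the user.  Illustrative only."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    app: str        # executable name, e.g. "firefox.exe"
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class NetworkRule:
    action: str                      # "allow" or "block"
    proto: str = "any"
    dst_ip: str = "any"
    dst_port: Optional[int] = None   # None means any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and self.dst_ip in ("any", p.dst_ip)
                and self.dst_port in (None, p.dst_port))


class Firewall:
    def __init__(self, network_rules: List[NetworkRule], app_rules: Dict[str, str]):
        self.network_rules = network_rules   # ordered: the top rule is processed first
        self.app_rules = app_rules           # exact exe name -> "allow" or "block"

    def evaluate(self, p: Packet) -> str:
        # Stage 1: Network Monitor. The first matching rule decides, but an
        # "allow" only means the packet is handed on to stage 2.
        for rule in self.network_rules:
            if rule.matches(p):
                if rule.action == "block":
                    return "BLOCKED_BY_NETWORK_MONITOR"
                break
        # Stage 2: Application Monitor. No wildcards: the lookup is by exact
        # executable name, and an application without a rule raises a prompt.
        verdict = self.app_rules.get(p.app)
        if verdict is None:
            return "PROMPT"
        return "ALLOWED" if verdict == "allow" else "BLOCKED_BY_APPLICATION_MONITOR"


# Constructed example configuration (assumption: 192.0.2.53 stands in for the
# poster's DNS server; the final block rule mirrors a typical catch-all).
DNS_SERVER = "192.0.2.53"


def build_example_firewall() -> Firewall:
    network_rules = [
        NetworkRule("allow", proto="udp", dst_ip=DNS_SERVER, dst_port=53),  # the DNS rule, moved to the top
        NetworkRule("allow", proto="tcp", dst_port=80),
        NetworkRule("block"),                                                # catch-all (assumed)
    ]
    app_rules = {"firefox.exe": "allow"}   # only one application identified so far
    return Firewall(network_rules, app_rules)


if __name__ == "__main__":
    fw = build_example_firewall()
    for pkt in [Packet("firefox.exe", "udp", DNS_SERVER, 53),
                Packet("newapp.exe", "udp", DNS_SERVER, 53),
                Packet("newapp.exe", "tcp", "198.51.100.10", 25),
                Packet("newapp.exe", "tcp", "198.51.100.10", 80)]:
        print(f"{pkt.app:12} {pkt.proto} {pkt.dst_ip}:{pkt.dst_port:<3} -> {fw.evaluate(pkt)}")
```

Running it shows the behaviour the poster observed: the known application's DNS query is allowed, the new application's DNS query still prompts even though the top network rule allows UDP/53 to that server, and only traffic the Network Monitor blocks outright (here, port 25) never reaches the Application Monitor at all.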