I have added two global rules, blocking ICMP any in/out and TCP/UDP in/out from any IP (any port) to hit-nxdomain.opendns.com (any port).
I was recently asked about ICMP and TCP traffic to 208.67.216.132. A reverse DNS lookup on this IP address reveals the host name hit-nxdomain.opendns.com.
There is clearly a problem with Comodo’s host name resolution, or the frequency with which host names are resolved, or host names which resolve to more than 1 IP address, which needs to be fixed.
I have previously run across the impossibility of using wildcards in hostnames. Whilst I find this annoying, I can understand that it might have a deleterious impact on performance (although I still think it would be a good idea to allow the user to choose whether to enable this feature, and have it off by default). This is a different problem, however: if you are going to allow specification of host names at all, you have to keep up to date with their associated IP addresses.
Anyone have any insight into how this is done currently?
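
The staleness problem raised in the post above, as an added example (not part of the original post and not Comodo's code; how Comodo resolves host names is not stated here). It compares a host-name rule that is resolved once with one that re-resolves when the DNS TTL expires and keeps every returned address. The `HostnameRule` class, the resolver, the clock and the 203.0.113.x addresses are constructed for illustration.

```python
import time

HOST = "hit-nxdomain.opendns.com"

class HostnameRule:
    """Block rule keyed on a host name (hypothetical model of such a rule)."""
    def __init__(self, hostname, resolver, refresh, clock=time.monotonic):
        self.hostname = hostname
        self.resolver = resolver   # callable: name -> (list of IPs, TTL in seconds)
        self.refresh = refresh     # False = resolve once when the rule is loaded
        self.clock = clock
        self._resolve()

    def _resolve(self):
        ips, ttl = self.resolver(self.hostname)
        self.ips = set(ips)        # keep every address, not only the first one
        self.expires = self.clock() + ttl

    def blocks(self, dst_ip):
        # Re-resolve once the cached answer has outlived its TTL.
        if self.refresh and self.clock() >= self.expires:
            self._resolve()
        return dst_ip in self.ips

def demo():
    now = [0.0]                    # fake clock so the example runs offline
    clock = lambda: now[0]

    def resolver(name):
        # Constructed DNS answers: first the address from the post, then,
        # after 300 s, two documentation-range addresses for the same name.
        if now[0] < 300:
            return ["208.67.216.132"], 300
        return ["203.0.113.10", "203.0.113.11"], 300

    stale = HostnameRule(HOST, resolver, refresh=False, clock=clock)
    fresh = HostnameRule(HOST, resolver, refresh=True, clock=clock)
    out = {"t0_old_ip": (stale.blocks("208.67.216.132"),
                         fresh.blocks("208.67.216.132"))}
    now[0] = 600                   # the name now maps to different addresses
    out["t600_new_ip"] = (stale.blocks("203.0.113.11"),
                          fresh.blocks("203.0.113.11"))
    out["t600_old_ip"] = (stale.blocks("208.67.216.132"),
                          fresh.blocks("208.67.216.132"))
    return out

if __name__ == "__main__":
    for case, (stale_hit, fresh_hit) in demo().items():
        print(f"{case}: resolved-once={stale_hit} ttl-refresh={fresh_hit}")
```

The resolved-once rule stops matching as soon as the name moves to new addresses and keeps blocking the old one; the refreshing rule follows the name.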