• SonicOS 8
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Network
  • DNS Introduction
• Configuring DNS Settings
  • Configuring DNS for IPv4
    • Specifying which DNS Servers are Used
    • Enabling Proxy of Split DNS Servers
    • DNS Rebinding Attack Prevention
    • DNS Rebinding and Cache Lookup
  • Configuring DNS for IPv6
    • Specifying which DNS Servers are Used
    • Enabling DNS Host Name Lookup over TCP for FQDN
  • Configuring Domain-Specific DNS Servers for Split DNS
    • About Split DNS
      • About Per-Partition DNS Servers and Split DNS
    • Adding a Split DNS Server
    • Editing Split DNS Entries
    • Deleting Split DNS Entries
• Configuring Dynamic DNS
  • About Dynamic DNS
    • Supported DDNS Providers
  • Dynamic DNS Profiles
    • Configuring Dynamic DNS Profiles
    • Editing Dynamic DNS Profiles
    • Deleting Dynamic DNS Profiles
• Configuring DNS Proxy Settings
  • About DNS Proxy
    • Supported Interfaces
    • DNS Server Liveness Detection and Failover
    • DNS Cache
    • High Availability Stateful Synchronization of DNS Cache
    • DHCP Server
  • Enabling Log Settings
  • Monitoring Packets
  • Configuring DNS Proxy Settings
    • Configuring DNS Proxy Settings
    • Deleting Static DNS Cache Entries
    • Viewing DNS Proxy Cache Objects
    • Flushing Dynamic DNS Cache Entries
• SonicWall Support
  • About This Document

DNS Cache

In DNS Proxy, a DNS cache memory saves the most commonly used domains and host addresses, and when it receives the DNS query that match the domain in DNS cache, the firewall directly responds to clients by using the cache records, without processing DNS query and reply proxy.

There are two kinds of DNS Cache:

Static	Manually configured by you.
Dynamic	Auto-learned by the GMS. For each DNS Query, the SonicOS DNS Proxy does the deep inspection on the URI and records the valid response to the caches.

When a DNS query matches an existing cache entry, the SonicOS DNS Proxy responds directly with the cached URI. This usually decreases the network traffic and, therefore, improves overall network performance.

Static DNS Cache Size

Static DNS cache entry size is always 256 regardless of platform. The static DNS cache is never be deleted unless it is done manually.

Dynamic DNS Cache Size

Dynamic DNS cache size depends on the platform. Some examples are shown here:

Platform	Maximum Cache Size
SM 9400 SM 9600	4096
SM 9200	2048
NSA 4600 NSA 5600 NSA 6600	2048
NSA 2600 NSA 3600	1024
TZ600	512
TZ300/TZ300W TZ400/TZ400W TZ500/TZ500W	512

If the maximum DNS cache size has been reached when the network security appliance attempts to add an entry to it, the network security appliance will:

1. Delete the DNS cache entry with the earliest expire time.
2. Add the new DNS cache entry.