DNS Cache Resolver and Analytics Engine Overview
The Domain Name System (DNS) cache resolver feature implements a cache of DNS queries on the switch, so that repeated queries can be handled directly by the switch, rather than by repeatedly forwarding the requests to the DNS servers, which consumes time and network resources.
The DNS analytics engine analyzes DNS queries (IPv4 and IPv6) from all connected clients and tracks the queries received from each client and the domains accessed, along with time stamps. Using the cache and analytics, you can audit the details of queries coming from clients, which allows for threat mitigation.
For GDPR compliance, DNS analytics provides a mechanism to restrict the collection of DNS analytics for a protected client. When you configure a client IP address subnet in the protected list, DNS queries already stored for the configured protected clients are erased from the analytics database, and future queries from those clients are not stored.
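The following Python sketch is an added illustration, not code from the switch or from Extreme Networks. It models the behavior described above: per-client query tracking with time stamps for audits, and a protected list that erases stored queries and blocks future ones. The class name, method names, and sample addresses are hypothetical.

```python
import ipaddress
from collections import defaultdict

class DnsAnalyticsModel:
    """Illustrative model only; all names here are hypothetical."""

    def __init__(self):
        self.protected = []   # protected client subnets (IPv4 or IPv6)
        self.records = []     # (client_ip, domain, timestamp) tuples

    def _is_protected(self, client):
        addr = ipaddress.ip_address(client)
        return any(addr.version == net.version and addr in net
                   for net in self.protected)

    def protect(self, subnet):
        """Add a subnet to the protected list and erase its stored queries.
        Returns the number of records erased."""
        self.protected.append(ipaddress.ip_network(subnet, strict=False))
        before = len(self.records)
        self.records = [r for r in self.records if not self._is_protected(r[0])]
        return before - len(self.records)

    def observe(self, client, domain, timestamp):
        """Store a query unless the client is protected. Returns True if stored."""
        if self._is_protected(client):
            return False
        # Normalize the address so one client is not split across spellings.
        self.records.append((str(ipaddress.ip_address(client)), domain, timestamp))
        return True

    def audit(self):
        """Per client: domain -> (first_seen, last_seen, query_count)."""
        out = defaultdict(dict)
        for client, domain, ts in self.records:
            first, last, n = out[client].get(domain, (ts, ts, 0))
            out[client][domain] = (min(first, ts), max(last, ts), n + 1)
        return dict(out)

if __name__ == "__main__":
    m = DnsAnalyticsModel()
    # Constructed sample queries using documentation address ranges.
    m.observe("192.0.2.5", "example.com", 100.0)
    m.observe("192.0.2.5", "example.com", 160.0)
    m.observe("198.51.100.9", "example.org", 120.0)
    print("erased:", m.protect("192.0.2.0/24"))
    print("stored after protect:", m.observe("192.0.2.77", "example.net", 200.0))
    print(m.audit())
```

An audit consumer should expect protected clients to vanish from historical results as soon as their subnet is added, not only from that point forward.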
All ExtremeSwitching Universal platforms.
- TCP DNS queries are not cached.
- The DNS cache feature and the L7 DNS feature in ONEPolicy should not be enabled at the same time.
- Checkpointing is not supported in a stack or an MLAG setup for DNS caching.
- IPv6 DNS queries are not cached.
- The DNS cache feature should not be enabled on VXLAN tenant VLANs.