Portable DNS Cache and Firewall


    • Version: 3.2
    • Supported OSes: Windows 7, 8, 8.1, 10, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016
    • NOTE: The Basic (free) edition must be activated with a free serial key. See the product edition chart for details.


| Features | 30-day Trial | Pro |
| --- | --- | --- |
| Caching of DNS addresses | yes | yes |
| Resolution of DNS requests locally | yes | yes |
| Redirection to custom DNS servers | yes | yes |
| Blocking of DNS requests with name wildcards | yes | yes |
| Monitoring of DNS activity, showing fulfilled and blocked requests | yes | yes |
| Loading and saving of the DNS cache into a file | yes | yes |
| System tray icon | yes | yes |
| Automatic cleanup of rules upon exit | yes | yes |
| License to use for more than 30 days | no | yes |
| Price (in USD) | - | $14.95 |

Technical Specifications

| Specification | Details |
| --- | --- |
| Latest release | 3.2, 10 Jun 2016 |
| Supported networking | Ethernet, IPv4, IPv6, TCP, UDP. |
| Prerequisites | Up-to-date root certificates (otherwise, it will take 2 minutes to start). |
| Supported OSes | Windows 7*, 8, 8.1, 10, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016. |
| Recommended hardware | 1 GHz CPU or faster, modern graphics card. |
| Additional hardware required | None |

*Windows 2008 R2 and 7 require Service Pack 1 + KB3033929 (SHA-2 digital signing).

Overview

DNS caching technology has taken another step forward with the release of Portable DNS Cache. Now, cache records can be saved to a file and loaded upon request. This software exposes the intricacies of communication between a computer and DNS servers, monitors requests and responses, differentiates requests resolved locally from those resolved via DNS servers, and blocks unwanted domain names according to filtering patterns. The real-time monitoring and firewall capabilities reveal the "secrets" of many programs that are sneaking onto the Internet behind your back. The simplicity of the user interface allows for quick and intuitive task performance. No configuration is needed — just start it and see it all.

Domain Name System (DNS) Overview
[IT professionals can skip to the next section]

The DNS system has been in use for many years, serving as a foundation for translating textual names (domain names) into the IP addresses that computers use to communicate with each other.

When connecting to a website, popular Internet browsers like Internet Explorer, Firefox, Mozilla, and Chrome first attempt to parse internet addresses into several parts. One of these parts is a domain name, which is sent to DNS servers to obtain the IP address of a server.

Even without an explicit request from a user, modern software often accesses the Internet. Many users are unaware of such communication, as it occurs in the background without user involvement or notifications. Examples of software with automatic Internet access include desktop gadgets, applications with auto-update capabilities, online backup software, time synchronization services, background downloading software, file-sharing services, and the entire category of malicious software.

Internet communication and browsing are not the only areas where DNS is used. DNS name resolution is also frequently used on corporate networks to provide the names of corporate file, print, and web servers to anyone who tries to access them.

The DNS resolution process often involves several stages. First, a computer attempts to resolve a name via its local cache to save time and resources. Nearly every computer has some form of DNS cache that holds recently resolved domain names. This cache is stored on the local machine and is not available for transfer to others. It is rarely viewed directly, even by IT professionals. This is one area where Portable DNS Cache is particularly useful. It maintains the DNS cache, displays its content, and resolves names from the cache instead of sending them to a DNS server. Thus, even if a DNS server does not have a record for a domain name, is actively blocking it, or has a different IP address for it, the IP address from the cache will be used. Additionally, Portable DNS Cache makes it easy to delete cached records or create filters from them to block or allow such domain names in the future.

The next two stages in DNS communication are sending a request to a DNS server and receiving a response. Using its firewall capabilities, Portable DNS Cache verifies this communication. It blocks DNS requests or allows them to pass, depending on the filtering rules created by the user. Whichever action is taken, a logging record is created and displayed in the Resolver Log.

Many types of communication rely on DNS resolution in one way or another. That is why it is important to be aware of ongoing DNS communication, as this holds the key to detecting and stopping suspicious activity before it is too late. By blocking DNS resolution, any further communication to that domain is essentially blocked. It is very simple! If a computer does not know the IP address of a domain name, it cannot connect to it!

Portable DNS Cache is designed to expose the DNS communication that occurs in the background, provide portability for cached records, and block the resolution of unwanted domain names.

Working with Portable DNS Cache and Firewall

The user interface consists of control elements (menus and toolbars) and three tabbed pages that provide different information about DNS communication.

The "Open" and "Save" file operations work on a single file. The data from the Cache and Filters pages are loaded and stored together. Certain fields of items from the Cache page (such as "Queries" and "Cache Responses") are cleared upon loading.

Other operations allow you to change the theme of the user interface, place an icon in the Windows system tray when minimized, and keep the window on top of other windows.

Cache page

This page shows the records stored in the cache.

One icon next to a record indicates that a request for a DNS domain name has been issued, but a response has not yet been received. Typically, a record remains in this state for a short period between the request being sent and the reply being received, with one exception: when a blocking filter is active for that domain name. A second icon shows that the record contains both a request and a response, in which case Portable DNS Cache uses that data instead of sending requests to DNS servers.

The Cache page includes several useful fields that help to better understand the dynamics of cache population and resolution. The fields are as follows:

| Field name | Description |
| --- | --- |
| Host Name | The exact domain name from the DNS request. |
| IP | The list of IP addresses from the DNS response. |
| Added | The time when the record was first created. Essentially, this is the time when the first request was made. For records loaded from a file, it contains the time when the file was loaded. |
| Accessed | The time when the record was last accessed for DNS resolution. |
| Queries | The number of queries since the record was created or loaded from a file. |
| Cache Responses | The number of responses that were taken from the cache instead of being sent to DNS servers. |

Whenever the Cache page is active, its toolbar is also active.

| Toolbar Button | Description |
| --- | --- |
| Start/Stop recording into the cache | When Recording is enabled, responses from DNS servers are stored in the cache. |
| Enable/Disable Playback from the cache | When Playback is enabled, Portable DNS Cache can use cached records to satisfy DNS requests without passing them to DNS servers. When Playback is disabled, all DNS requests are passed directly to DNS servers, and the received responses are forwarded to the programs that originated the requests. |
| Clear cache | Clears the entire cache. |
| Delete selected records | Deletes the selected records. |

Resolver Log page

This page contains the log of DNS resolution activity. All activity is recorded here. The log cannot be saved to a file.

Each log entry is marked with an image that denotes one of the following:

• The DNS request was blocked.
• The DNS request was sent to a DNS server.
• The original DNS request was resolved by passing the request to a DNS server and then forwarding the response from the DNS server back to the program that issued it. In other words, the request was not resolved from the cache.
• The original DNS request was resolved from the cache without sending any data to a DNS server. This type of resolution saves time on data travel between a computer and a DNS server.
• The DNS server responded that it was unable to resolve the domain name.

Whenever the Resolver Log page is active, its toolbar is also active. The toolbar allows you to:

| Toolbar Button | Description |
| --- | --- |
| Pause the Log | Prevents new DNS activity items from appearing in the log. |
| Clear the Log | Clears all log entries. |

Filters page

This page contains filters that specify the rules for allowing or blocking certain domain names. The firewall functionality of Portable DNS Cache uses these rules to make real-time decisions.


Each filter has several attributes.

| Attribute | Description |
| --- | --- |
| Host Name Pattern | The pattern for domain name matching. It may include the '*' (asterisk) symbol in various places, which denotes any number of any characters. |
| Apply when there is no match | When checked, the filter action is executed for domain names that do NOT match the Host Name Pattern. |
| Action: Block | Blocks the request. |
| Action: Never Block | Prevents a domain name matching the pattern from being blocked by any other rules. In other words, such a request will never be blocked. |
| Enabled | An Enabled/Disabled flag. Only enabled filters have an effect in determining an action for a domain name. |
 
 
Whenever the Filters page is active, its toolbar is also active and allows for the creation of new filters and the editing of existing ones.
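
The filter attributes described above can be read as a small decision procedure. The following Python is an added illustration, not code from Portable DNS Cache: the names Filter, matches, decide and RULES are hypothetical, the rule set is constructed, and it assumes case-insensitive matching and that a name with no applicable Block filter is allowed.

```python
import re
from dataclasses import dataclass

@dataclass
class Filter:
    pattern: str            # Host Name Pattern; '*' = any number of any characters
    action: str             # "block" or "never_block"
    invert: bool = False    # "Apply when there is no match"
    enabled: bool = True    # only enabled filters take part in the decision

def normalize(name: str) -> str:
    # DNS names are case-insensitive and a trailing root dot is equivalent.
    return name.rstrip(".").lower()

def matches(pattern: str, host: str) -> bool:
    # Escape the literal parts, then let each '*' match any run of characters,
    # dots included. Note "*example.com" therefore also matches
    # "notexample.com", while "*.example.com" does not match "example.com".
    parts = [re.escape(p) for p in normalize(pattern).split("*")]
    return re.fullmatch(".*".join(parts), normalize(host)) is not None

def decide(filters, host: str) -> str:
    """Return "block" or "allow" for one DNS query name."""
    blocked = False
    for f in filters:
        if not f.enabled:
            continue
        # An inverted filter applies to names that do NOT match its pattern.
        if matches(f.pattern, host) == f.invert:
            continue
        if f.action == "never_block":
            return "allow"          # overrides every Block rule, in any order
        blocked = True
    # Assumption: with no applicable Block filter the request passes.
    return "block" if blocked else "allow"

# Constructed sample rule set (reserved example domains).
RULES = [
    Filter("*.ads.example", "block"),
    Filter("*tracker*", "block"),
    Filter("update.tracker.example", "never_block"),
    Filter("*.corp.example", "block", invert=True, enabled=False),
]
```

Enabling the last rule turns the set into an allowlist: every name outside *.corp.example is blocked unless a Never Block filter covers it.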






Notes:
* Windows® is a registered trademark of the Microsoft Corporation.