Portable DNS Cache and Firewall

• Intro
• Domain Name System (DNS) Overview
• Working with Portable DNS Cache and Firewall
  • Cache Page
  • Resolver Log Page
  • Filters Page
• Short instructional video on how to get started

Intro

The DNS caching technology has made the next step forward with Portable DNS Cache. Now cache records can be saved into a file and loaded upon request. This software exposes intricacies of communication between a computer and DNS servers, it monitors requests and responses, differentiates requests resolved locally from requests resolved via DNS servers, it filters and blocks unwanted domain names according to filtering patterns. The real-time monitoring and firewall capabilities reveal "the secrets" of many programs that are sneaking to the Internet behind your back. The simplicity of the user interface allows to perform tasks quickly and intuitively. No need to configure. Just start it and see it all.

Domain Name System (DNS) Overview
[IT Professionals skip to the next section]

The DNS system has been around for many years. It serves as a foundation for translating textual names (domain names) into IP addresses used by computers to communicate with each other.

When connecting to a website, popular Internet browsers like Internet Explorer, Firefox, Mozilla, and Chrome first trying to break down the internet address on several parts. One of the parts is a domain name. The domain name is what is sent to DNS servers to obtain the IP address of a server.

Even without explicit request by a user, modern software often accesses the Internet. Many users are not even aware of such communication as it happens in the background, without user involvement and proper notifications. The examples of software with automatic Internet access include desktop gadgets, software with auto update capabilities, online backup software, time synchronization services, background downloading software, file sharing services, and also the whole category of malicious software. 

The Internet communication and browsing is not the only area where DNS is used. The DNS name resolution is often used on corporate networks to provide names of corporate file, print, and web servers for anybody who tries to access them.

The DNS resolution process often goes through several stages. First, is the attempt of a computer to resolve a name via local cache. It is done to save time and computer resources. Pretty much every computer has some sort of DNS cache which holds recently resolved domain names. Such cache is stored on the local machine and is not available for transfer to others. It is rarely viewed directly even by IT professionals. That is one area where Portable DNS Cache comes in handy. It maintains the DNS cache, shows its content, and resolves names from the cache instead of sending to a DNS server. Thus even if a DNS server does not have a record for the domain name, or actively blocking it, or simply has a different IP address for the domain name, the IP address from the cache will be used. In addition to that, Portable DNS Cache makes it easy to delete cached records or create from them filters for blocking or allowing such domain names in the future.

The next two stages in DNS communication are sending a request to a DNS server and receiving a response. Using its firewall capabilities, the Portable DNS Cache verifies the communication. It blocks the DNS requests or lets them through depending on filtering rules that are created by a user. Whichever action is taken a logging record is created and displayed in the Resolver Log.

Many types and kinds of communication one way or the other rely on DNS resolution. That is why it is important to know and be aware of ongoing DNS communication as this holds the key to detecting and stopping suspicious activity before it is too late. By blocking DNS resolution, any further communication to that domain is essentially blocked. It is very simple! If a computer does not know the IP address of a domain name, it is not able to use it for connecting!

The Portable DNS Cache is designed to expose the DNS communication that is happening in the background, provide portability for cached records, and block the resolution of unwanted domain names.

Working with Portable DNS Cache and Firewall

The user interface consists of control elements (menus and toolbars), and 3 tabbed pages that provide different information about the DNS communication.

The opening and saving a file works on a single file. The data from the Cache page and the Filters pages are loaded and  stored together. Certain fields of items from Cache page (like Queries and Cache Responses) are cleared upon loading.

Other operations allow changing the theme for the user interface, placing an icon on the Windows system tray upon minimizing, and keeping the window on top of other windows.

Cache page

This page shows records stored in the cache.

The icon next to a record shows that a request for a DNS domain name was issued, but a response was not yet received. Usually a record stays in this state for a short period of time between the request sent and the reply received with one exception - when a blocking filter is active for that domain name. The icon next to a record shows that it contains both a request and a response and Portable DNS Cache will use that data instead of sending requests to DNS servers.

The Cache page has several useful fields helping to better understand the dynamics of cache population and resolution. The fields are as follows.

Field name	Description
Host Name	The exact domain name from the DNS request
IP	The list of IP addresses from the DNS response
Added	The time when the record was first created. Essentially, the time when the first request was created. For the records loaded from a file, it contains the time when the file was loaded.
Accessed	The time when the record was last accessed for DNS resolution.
Queries	The number of queries since the record was created or loaded from a file.
Cache Responses	The number of responses that ware taken from the cache instead of sending to DNS servers.

Whenever the Cache page is active, its is active too.

Toolbar Button	Description
Start/Stop recording into the cache	When recording is enabled, the responses from a DNS server are stored into the cache.
Enable/Disable Playback from the cache.	Whenever playback is enabled the Portable DNS Cache can use the cached records to satisfy the DNS request without passing it to DNS servers. Whenever the Playback is disabled. All DNS requests are passed straight through to DNS servers and received responses are forwarded to the program which originated the request.
Clear cache	Clear the whole cache.
Delete selected records	Delete selected records.

Resolver Log page

This page contains the log of DNS resolution activity. All activity is being recorded here. The log cannot be saved into a file.

The image denotes that the DNS request was blocked

The image denotes that the DNS request was sent to a DNS server

The image denotes that the original DNS request was resolved via passing the request to a DNS server and passing the request from the DNS server back to the issued it program. In other words, it indicates that the request was not resolved from the cache.

The image denotes that the original DNS request was resolved via cache without sending any data to a DNS server. Such resolution saves time on data travel between a computer and a DNS server.

The image denotes that the DNS server responded that it is unable to resolve the domain name.

Whenever the Resolver Log page is active, its toolbar is active too. The toolbar allows to:

Toolbar Button	Description
Pause the Log	Prevent new DNS activity items from showing up in the log.
Clear the Log	Clear all log entries.

Filters page

This page contains filters that specify the rules allowing or blocking certain domain names. The firewall functionality of Portable DNS Cache uses them to make real-time decisions.

Each filter has several attributes.

Attribute	Description
Host Name Pattern	The pattern for the domain name matching. It may include '*' (asterisk) symbol in different places. It denotes any number of any characters.
Apply when there is no match	When checked, the filter action is executed for the domain names NOT matching to the Host Name Pattern.
Action: Block	Blocks the request
Action: Never Block	Prevents the matching to the pattern domain name from being blocked by any other rules. In other words, such request will never be blocked.
Enabled	Enabled/Disabled flag. Only enabled filters have an effect in determining an action for a domain name.

 
 
Whenever Filters page is active, its toolbar is active too and allows creating new filters and editing the existing ones.

Short instructional video on how to get started

Notes:
* Windows^® is a registered trademark of the Microsoft Corporation.