Portable DNS Cache and Firewall
Technical Specifications
Latest release | 3.0, 31 Dec 1999, [Change Log]
Supported networking | Ethernet, IPv4, IPv6, TCP, UDP.
Prerequisites | Up-to-date root certificates (or it will take 2 minutes to start).
Supported OSes | Windows 7*, 8, 8.1, 10, Server 2008 R2*, Server 2012, Server 2012 R2, Server 2016. *For Windows 2008 R2 and 7, Service Pack 1 and KB3033929 (SHA-2 digital signing) are required.
Recommended hardware | CPU 1GHz and above, modern graphics card.
Additional hardware required | none
Overview
The DNS caching technology has made another step forward with the release of Portable DNS Cache. Now, cache records can be saved into a file and loaded upon request. This software exposes the intricacies of communication between a computer and DNS servers: it monitors requests and responses, differentiates requests resolved locally from requests resolved via DNS servers, and filters and blocks unwanted domain names according to filtering patterns. The real-time monitoring and firewall capabilities reveal "the secrets" of many programs that are sneaking to the Internet behind your back. The simplicity of the user interface allows performing tasks quickly and intuitively. No need to configure. Just start it and see it all.
Domain Name System (DNS) Overview
[IT professionals skip to the next section]
The DNS system
has been around for many years. It serves as a foundation for translating
textual names (domain names) into IP addresses used by computers
to communicate with each other.
When connecting to a website, popular Internet browsers like Internet Explorer, Firefox, Mozilla, and Chrome first try to break the internet address down into several parts. One of the parts is a domain name. The domain name is what is sent to DNS servers to obtain the IP address of a server.
Even without an explicit request by a user, modern software often accesses the Internet. Many users are not even aware of such communication as it happens in the background, without user involvement and notifications. Examples of software with automatic Internet access include desktop gadgets, software with auto update capabilities, online backup software, time synchronization services, background downloading software, file sharing services, and also the whole category of malicious software.
Internet communication and browsing are not the only areas where DNS is used. DNS name resolution is often used on corporate networks to provide names of corporate file, print, and web servers for anybody who tries to access them.
The DNS resolution process often goes through several stages. First is the computer's attempt to resolve a name via the local cache. It is done to save time and computer resources. Pretty much every computer has some sort of DNS cache which holds recently resolved domain names. Such a cache is stored on the local machine and is not available for transfer to others. It is rarely viewed directly even by IT professionals. That is one area where Portable DNS Cache comes in handy. It maintains the DNS cache, shows its content, and resolves names from the cache instead of sending them to a DNS server. Thus even if a DNS server does not have a record for the domain name, or is actively blocking it, or simply has a different IP address for the domain name, the IP address from the cache will be used. In addition to that, Portable DNS Cache makes it easy to delete cached records or create filters from them for blocking or allowing such domain names in the future.
The next two stages in DNS communication are sending a request to a DNS server and receiving a response. Using its firewall capabilities, Portable DNS Cache verifies the communication. It blocks the DNS requests or lets them through depending on filtering rules that are created by a user. Whichever action is taken, a log record is created and displayed in the Resolver Log.
Many types and
kinds of communication one way or the other rely on DNS resolution.
That is why it is important to know and be aware of ongoing DNS
communication as this holds the key to detecting and stopping suspicious
activity before it is too late. By blocking DNS resolution, any
further communication to that domain is essentially blocked.
It is very simple! If a computer does
not know the IP address of a domain name, it is not able to use
it for connecting!
The Portable DNS
Cache is designed to expose the DNS communication that is happening
in the background, provide portability for cached records, and block
the resolution of unwanted domain names.
Working with Portable DNS Cache and Firewall
The user interface
consists of control elements (menus and toolbars), and 3 tabbed
pages that provide different information about the DNS communication.
Opening and saving work on a single file. The data from the Cache page and the Filters page are loaded and stored together. Certain fields of items from the Cache page (like Queries and Cache Responses) are cleared upon loading.
Other operations
allow changing the theme for the user interface, placing an icon
on the Windows system tray upon minimizing, and keeping the window
on top of other windows.
Cache page
This page shows
records stored in the cache.
The icon
next to a record shows that a request for a DNS domain
name was issued, but a response was not yet received. Usually a
record stays in this state for a short period of time between the
request sent and the reply received with one exception - when a
blocking filter is active for that domain name. The icon
next to a record shows that it contains both a request
and a response and Portable DNS Cache will use that data instead
of sending requests to DNS servers.
The Cache page
has several useful fields helping to better understand the dynamics
of cache population and resolution. The fields are as follows.
Field name | Description
Host Name | The exact domain name from the DNS request
IP | The list of IP addresses from the DNS response
Added | The time when the record was first created. Essentially, the time when the first request was created. For the records loaded from a file, it contains the time when the file was loaded.
Accessed | The time when the record was last accessed for DNS resolution.
Queries | The number of queries since the record was created or loaded from a file.
Cache Responses | The number of responses that were taken from the cache instead of sending to DNS servers.
Whenever the Cache page is active, its toolbar is active too.
Toolbar Button | Description
Start/Stop recording into the cache | When the Recording is enabled, the responses from DNS servers are stored into the cache.
Enable/Disable Playback from the cache | Whenever the Playback is enabled the Portable DNS Cache can use the cached records to satisfy DNS requests without passing them to DNS servers. Whenever the Playback is disabled, all DNS requests are passed straight to DNS servers and received responses are forwarded to the programs which originated the requests.
Clear cache | Clear the whole cache.
Delete selected records | Delete selected records.
Resolver Log page
This page contains
the log of DNS resolution activity. All activity is being recorded
here. The log cannot be saved into a file.
The image denotes that the DNS request was blocked.
The image denotes that the DNS request was sent to a DNS server.
The image denotes that the original DNS request was resolved by passing the request to a DNS server and passing the reply from the DNS server back to the program that issued it. In other words, it indicates that the request was not resolved from the cache.
The image denotes that the original DNS request was resolved via cache without sending any data to a DNS server. Such resolution saves time on data travel between a computer and a DNS server.
The image denotes that the DNS server responded that it is unable to resolve the domain name.
Whenever the Resolver Log page is active, its toolbar is active too. The toolbar allows you to:
Toolbar Button | Description
Pause the Log | Prevent new DNS activity items from showing up in the log.
Clear the Log | Clear all log entries.
Filters page
This page contains
filters that specify the rules allowing or blocking certain domain
names. The firewall functionality of Portable DNS Cache uses them
to make real-time decisions.
Each filter has
several attributes.
Attribute | Description
Host Name Pattern | The pattern for domain name matching. It may include the '*' (asterisk) symbol in different places; it denotes any number of any characters.
Apply when there is no match | When checked, the filter action is executed for the domain names NOT matching the Host Name Pattern.
Action: Block | Blocks the request.
Action: Never Block | Prevents a domain name matching the pattern from being blocked by any other rules. In other words, such a request will never be blocked.
Enabled | Enabled/Disabled flag. Only enabled filters have an effect in determining an action for a domain name.
Whenever the Filters page is active, its toolbar is active too and allows creating new filters and editing the existing ones.
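The filter attributes described above can be read as a small decision procedure. The following Python sketch is an added example, not Portable DNS Cache's own code; the case-insensitive comparison, the choice to allow a name when no filter applies, and the names `Filter`, `decide` and `normalize` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

BLOCK, NEVER_BLOCK = "Block", "Never Block"

@dataclass
class Filter:
    pattern: str            # Host Name Pattern; '*' = any number of any characters
    action: str             # BLOCK or NEVER_BLOCK
    invert: bool = False    # "Apply when there is no match"
    enabled: bool = True    # only enabled filters take part in the decision

    def applies_to(self, host):
        # Anchored regex: every character except '*' is matched literally.
        regex = ".*".join(re.escape(part) for part in self.pattern.lower().split("*"))
        matched = re.fullmatch(regex, host) is not None
        return matched != self.invert

def normalize(host):
    # Assumption: compare case-insensitively and ignore the trailing root dot.
    return host.strip().rstrip(".").lower()

def decide(host, filters):
    """Return 'block' or 'allow' for a queried host name."""
    host = normalize(host)
    actions = {f.action for f in filters if f.enabled and f.applies_to(host)}
    if NEVER_BLOCK in actions:      # Never Block overrides every Block filter
        return "allow"
    if BLOCK in actions:
        return "block"
    return "allow"                  # assumption: no applicable filter means allow

# Constructed sample rule sets (example.com/.net/.org are reserved names).
DENYLIST = [
    Filter("*.ads.example.net", BLOCK),
    Filter("*tracker*", BLOCK),
    Filter("tracker.example.com", NEVER_BLOCK),
    Filter("*.example.org", BLOCK, enabled=False),
]
# Default-deny: block every name that does NOT match the pattern.
ALLOW_ONLY = [Filter("*.example.com", BLOCK, invert=True)]
# A leading '*' without the dot also matches look-alike names.
LOOSE = [Filter("*example.com", BLOCK, invert=True)]

if __name__ == "__main__":
    for name in ["cdn.ads.example.net", "tracker.example.com", "www.example.org",
                 "example.com", "notexample.com"]:
        print(name, decide(name, DENYLIST), decide(name, ALLOW_ONLY), decide(name, LOOSE))
```

Used as an allow-only rule, `*.example.com` leaves the bare `example.com` blocked, while `*example.com` also lets `notexample.com` through, so the position of the dot in a pattern matters.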
Notes:
* Windows® is a registered
trademark of the Microsoft Corporation.