DNS Security scaling?

9_volt — Mon, 23 Mar 2020 16:47:05 GMT

Hello,

We're looking at replacing some Fortinet and Juniper devices with PA's but can't find any details as to how many entries can be cached with the "DNS Security" feature.

I have a lab 220 I'm using but the output of the commands don't seem to show how many entries the cache can hold.

debug dataplane show dns-cache statistics Aggregated DNS cache stats: DNS cache mem total: 16773704 DNS cache mem used: 393216 Size of per DNS data: 24 Num of shards: 8 total number of domains: 0 percent of memory used : 2 Aggregated DNS cache shard stats: Size of shard 0 |3696 allocate 13 free 7 number of domains| 0 Size of shard 1 |3696 allocate 13 free 7 number of domains| 0 Size of shard 2 |3696 allocate 13 free 7 number of domains| 0 Size of shard 3 |3696 allocate 13 free 7 number of domains| 0 Size of shard 4 |3696 allocate 13 free 7 number of domains| 0 Size of shard 5 |3696 allocate 13 free 7 number of domains| 0 Size of shard 6 |3696 allocate 13 free 7 number of domains| 0 Size of shard 7 |3696 allocate 13 free 7 number of domains| 0

Also, do entries just disappear once their TTL has expired?

If anyone does have information, that would be awesome! Both for the 220's and 5260's if possible.

Thank you!

Re: DNS Security scaling?

Sec101 — Mon, 23 Mar 2020 19:04:48 GMT

would like to know this as well

Re: DNS Security scaling?

tshooter — Wed, 13 Jan 2021 16:20:30 GMT

Why isnt there more info from PALO on this? Seems like a great question? Are they just providing a bad DNS list? blcklist if DNS servers? Sheesh.. seems should be built in .. like dynamic BAD IP address rules.

topic Re: DNS Security scaling? in General Topics

DNS Security scaling?

Re: DNS Security scaling?

Re: DNS Security scaling?