DNS Security scaling?


L0 Member

Hello,

 

We're looking at replacing some Fortinet and Juniper devices with PAs but can't find any details as to how many entries can be cached with the "DNS Security" feature.

 

I have a lab 220 I'm using but the output of the commands doesn't seem to show how many entries the cache can hold.

debug dataplane show dns-cache statistics 

Aggregated DNS cache stats:
DNS cache mem total:               16773704  
DNS cache mem used:                393216    
Size of per DNS data:              24        
Num of shards:                     8         
total number of domains:           0         
percent of memory used :           2         
Aggregated DNS cache shard stats:
Size of shard 0    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 1    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 2    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 3    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 4    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 5    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 6    |3696      allocate 13        free 7         number of domains|  0         
Size of shard 7    |3696      allocate 13        free 7         number of domains|  0 

Also, do entries just disappear once their TTL has expired?


If anyone does have information, that would be awesome! Both for the 220s and 5260s if possible.

 

Thank you!

2 REPLIES

L4 Transporter

would like to know this as well

Why isn't there more info from PALO on this? Seems like a great question? Are they just providing a bad DNS list? Blacklist of DNS servers? Sheesh.. seems should be built in .. like dynamic BAD IP address rules.
