Enable DNS cache

This option allows the DNS cache proxy to run: when a DNS query is sent to the firewall, it will be processed by the DNS cache.

List of clients allowed to used the DNS cache

DNS client [host, network, range, group]:

The clients that appear in the list can send DNS queries through the firewall.


By clicking on this button, a new line will be added to the top of the table. The arrow to the right of the empty field allows adding a DNS client. You may select this client from the object database that appears. This may be a host, network, address range or even a group.


First, select the DNS client you wish to remove from the list. A window will appear with the following message: “Remove selected DNS client?” " You can confirm that you wish to delete or Cancel the operation.

In transparent mode, the selected clients will benefit from the DNS cache proxy, while other requests will be subject to filtering.

Advanced properties

Cache size (in bytes):

The maximum size allocated to the DNS cache depends on your firewall’s model.

Transparent mode (intercepts all DNS queries sent by authorized clients)

As its name implies, the purpose of this option is to make the Stormshield Network Firewall’s DNS service transparent. As such, when this option is enabled, the redirection of DNS traffic to the DNS cache will be invisible to users who will get the impression they are accessing their DNS servers.


In transparent mode, all queries will be intercepted, even if they are going to DNS servers others than the firewall. The responses will be saved in memory for a certain duration to avoid resending known requests.

Random querying of domain name servers

If this option is selected, the firewall will select the DNS server at random from the list. (see menu System>Configuration module/Network settings tab/DNS Resolution panel).