Traffic for a network application includes DNS query/response traffic and the actual application flow. When classifying traffic, most attention is given to the application flow, both for reporting (application visibility) and control (QoS policy).

The DNS Protocol Classification Change feature enables an NBAR client, such as a router, to classify and handle DNS traffic in the same way as its associated application traffic. This is accomplished using the domain name that appears in the DNS flow.

Use of DNS Protocol Classification Change

DNS Protocol Classification Change can be especially useful in networks employing Cisco Intelligent WAN (IWAN), for optimizing the performance of network applications.

For example, in an IWAN spanning a wide geography, it might happen that a specific type of application traffic (example: Microsoft Office 365) may be routed first to a geographically distant node in the IWAN, and then to the relevant server. This route may diminish performance of the application. Using DNS protocol classification change, it is possible to redirect the DNS query/response to a local DNS server, and route the application traffic directly to the relevant cloud-based application server, improving application performance.

• DNS Protocol Classification Change classifies the DNS flow in the same way as the application, based on built-in protocols or custom signatures.

• The DNS flow classification inherits the attributes of the application – category, business-relevance, traffic-class, encryption, and so on. For example, for a DNS flow classified as “Google-accounts” the encryption attribute is TRUE.

• DNS flows are not cached using the socket cache mechanism.

• To catch all DNS traffic for QoS, use the following “transport hierarchy” CLI:

  match protocol dns in-app-hierarchy

• Default: enabled.