Using a Domain Name When Configuring a Business Policy or firewall rule - Limitations and Workarounds



Article ID: 330730


Updated On: 01-20-2025

Products

VMware SD-WAN by VeloCloud

Issue/Introduction

How does an Edge match traffic to a Business Policy using a Domain Name?
When a LAN client sends traffic to a specific IP, and that IP is listed in the Edge's DNS cache as associated with a domain, the Edge matches the traffic to the Business Policy that uses that domain.

Expected behavior and limitations:

  • The Edge builds its DNS cache by snooping the DNS answers that traverse the Edge in response to DNS queries. For example, if a DNS answer maps 192.168.1.1 to mydomain.com, any traffic going to 192.168.1.1 is treated as going to mydomain.com and matches any policy that uses that domain name.
  • If no DNS queries traverse the Edge, the DNS cache is not populated and domains cannot be used for matching in Business Policies.
  • The TTL of these cache entries should match the TTL in the DNS records.
  • The Edge can associate multiple IP addresses with the same domain name, which is helpful for websites that use multiple IPs.
  • The Edge cannot associate multiple domains with the same IP. If a later DNS answer maps a different domain to an IP that is already cached for another domain, the entry is overwritten with the new domain-to-IP mapping, and traffic to that IP is then treated as traffic going to the new domain (see the "Known limitations" section below).
  • The DNS cache is not segment-aware.

Environment

VMware SD-WAN by VeloCloud

Resolution

Some alternatives to using domain names in business policies:

If the website uses one specific subnet, the user can configure the Business Policy to match on that destination subnet. If it uses many subnets, the user can modify the application map to create a new application that matches on the list of subnets, and then create a Business Policy that matches on this new application.

If the customer enterprise is using a VMware SD-WAN Orchestrator hosted by VMware, the user may need to open a support ticket with VMware SD-WAN Support if a customized application map is needed. Please consult CS - VMware SD-WAN – Support (83702) for questions regarding the support portal.

Another option, available when the destination subnets are known, is to use Object Groups. The advantage of Object Groups is that no changes to the application map are needed. The prerequisite for using Object Groups is that both the Edges and the Orchestrator must be running Release 3.4.0 or higher.

Known limitations:
1. The Edge caches an IP address against only a single domain at a time.
A possible workaround is to add all the domains that share the same IP to the Business Policy.

2. This feature only works if the Edge can add all the required DNS entries to its cache, and the cache size is limited per platform by the DNS Cache Limit, which depends on system memory (RAM):

4 GB  = 6k entries
8 GB  = 12k entries
32 GB = 48k entries

For the system memory (RAM) of each platform, refer to: VeloCloud SD-WAN - Edge platform specifications
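The following is an added example, not VMware code, that models the snooped DNS cache described in the "Expected behavior" list and walks through Known limitations 1 and 2: one domain per IP with overwrite on a later answer, many IPs per domain, TTL expiry, and a per-platform entry cap. All domain names, addresses, TTLs, policy names and the cap value are constructed for illustration.

```python
import time

class SnoopedDnsCache:
    """ip -> (domain, expiry): one domain per IP (later answers overwrite),
    many IPs per domain, TTL expiry, and a per-platform entry cap."""
    def __init__(self, max_entries=6000, now=time.time):
        self.max_entries, self.now, self._by_ip = max_entries, now, {}

    def snoop_answer(self, domain, ip, ttl):
        """Learn from a DNS answer seen by the Edge; False if the cap is hit."""
        self._evict_expired()
        if ip not in self._by_ip and len(self._by_ip) >= self.max_entries:
            return False
        self._by_ip[ip] = (domain, self.now() + ttl)  # overwrite, never append
        return True

    def domain_for(self, ip):
        """Domain currently cached for ip, or None if absent or expired."""
        entry = self._by_ip.get(ip)
        if entry is None or entry[1] <= self.now():
            self._by_ip.pop(ip, None)
            return None
        return entry[0]

    def _evict_expired(self):
        now = self.now()
        for ip in [i for i, (_, exp) in self._by_ip.items() if exp <= now]:
            del self._by_ip[ip]

def match_policy(cache, dst_ip, policies):
    """Name of the first (name, domain-set) policy matching traffic to dst_ip;
    no cache entry means no domain match, as the article states."""
    domain = cache.domain_for(dst_ip)
    if domain is None:
        return None
    return next((name for name, doms in policies if domain in doms), None)

def shared_ip_scenario():
    """Constructed case: two domains resolve to 192.168.1.1. The second answer
    overwrites the first, so a one-domain policy stops matching until the
    policy lists every domain sharing the IP (the documented workaround)."""
    clock = [1000.0]
    cache = SnoopedDnsCache(now=lambda: clock[0])
    single = [("saas-priority", {"mydomain.com"})]
    both = [("saas-priority", {"mydomain.com", "otherdomain.com"})]
    cache.snoop_answer("mydomain.com", "192.168.1.1", ttl=300)
    before = match_policy(cache, "192.168.1.1", single)
    cache.snoop_answer("otherdomain.com", "192.168.1.1", ttl=300)
    after = match_policy(cache, "192.168.1.1", single)
    return before, after, match_policy(cache, "192.168.1.1", both)
```

Calling `shared_ip_scenario()` returns the match result before the overwrite, after it, and with the workaround policy applied.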


To learn more about Object Groups, please consult our documentation.