I recall it's recommended to use a local DNS server. I do use the MSFT DNS service and always have, but I'd like to set up DNS forwarders but recall that being a problem. Is it, and if so, why?



by jhoff 6 years ago

@jhoff: online DNS and URL blacklists tend to ban public DNS servers (OpenDNS servers, ISP DNS servers, Google DNS) due to the tremendous amount of queries they receive from them (i.e., they are used by many people at once and thus quickly exceed the daily free query limit). Using such a public DNS server as a forwarder will result in degraded spam filtering performance, as these online blacklists will not reply to your queries (they time out or return an error).

If you insist on using forwarders, conditional forwarding could be a workaround:


by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)
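A check for the failure described in the reply above, where a blacklist stops answering because queries reach it through a forwarder (added example, not part of the thread or of ORF). The refusal codes are the values Spamhaus and URIBL document; `dnsbl.example` and the sample answers are constructed.

```python
import ipaddress
import socket

# Answers that mean "query refused", not "listed". Values documented by
# Spamhaus (127.255.255.x) and URIBL (127.0.0.1); other lists may differ.
REFUSAL_CODES = {
    "127.255.255.252": "malformed query",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
    "127.0.0.1": "query blocked by the list operator",
}

def dnsbl_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Use the OS resolver. [] means NXDOMAIN, None means error/timeout."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        return [] if exc.errno == socket.EAI_NONAME else None
    except OSError:
        return None

def check_list(zone, lookup=system_lookup):
    """Query the RFC 5782 test entry 127.0.0.2, which a working list
    must report as listed, and classify what came back."""
    answers = lookup(dnsbl_name("127.0.0.2", zone))
    if answers is None:
        return "unusable: lookup failed or timed out"
    if not answers:
        return "unusable: test entry not listed (NXDOMAIN)"
    for answer in answers:
        if answer in REFUSAL_CODES:
            return "unusable: " + REFUSAL_CODES[answer]
    if all(a.startswith("127.") for a in answers):
        return "ok"
    return "unusable: non-127.x answer, resolver may rewrite NXDOMAIN"

if __name__ == "__main__":
    # Constructed answers standing in for three resolver paths.
    samples = {"direct": ["127.0.0.2"], "public": ["127.255.255.254"],
               "timeout": None}
    for label, reply in samples.items():
        print(label, "->", check_list("dnsbl.example", lambda n, r=reply: r))
```

`system_lookup` goes through the operating system's resolver, so the result reflects the DNS path of the machine it runs on.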


@Krisztián Fekete (Vamsoft): I assume you're suggesting I should set up conditional forwarders for each DNSBL and SURBL I have configured?

I haven't seen the issue in the linked post above (uribl.com is configured to block only responses I see) but I do see an increase in SPAM since I added the forwarders.

Problem is some Comcast video stuff doesn't work correctly if you're using a local DNS server :(

by jhoff 6 years ago
(in reply to this post)


@jhoff: I tried for several and setting up the conditional forwarders fails (An unknown error occurred while validating the server). Sigh.

by jhoff 6 years ago
(in reply to this post)


@jhoff: another possible solution is setting up a local "forwarderless" DNS for ORF and using another one with forwarders for all other services.

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)


@Krisztián Fekete (Vamsoft): Interesting idea - any suggestions on what to use? I'd want to use the MSFT DNS service for my domain and something else for ORF.

by jhoff 6 years ago
(in reply to this post)


@jhoff: Maybe a Microsoft DNS Server on a virtual server (if you have a single server only)? Here are some non-MS alternatives:


by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)


@Krisztián Fekete (Vamsoft): Yeah, I just have a single server - this is "home" e-mail... I'll check some of these alternatives. Wondering if you or anyone else has any experience using any of them (besides MSFT DNS) with ORF?

by jhoff 6 years ago
(in reply to this post)


@jhoff: it doesn't seem like it's possible to tell ORF to connect to a DNS server on a particular (non-53) port?

by jhoff 6 years ago
(in reply to this post)


No, that is not possible, unfortunately.

by Krisztián Fekete (Vamsoft) 6 years ago

I solved it by setting up conditional forwarders for the Comcast domains that needed it - working great!

by jhoff 6 years ago
