Built-in recursive DNS resolver in 5.4
@mike.galbicka:
Hello Mike,
If you want to use the built-in DNS resolver you have to open the ports UDP/53 and TCP/53 to any internet hosts, as ORF will perform the DNS lookups recursively on its own - without the help of any external DNS server.
However, if you want to keep using an external DNS resolver and/or you cannot allow DNS traffic to any hosts (i.e. you must restrict the DNS ports to a specific nameserver), you should keep using ORF with your current settings - with the "external DNS server" option enabled: http://vamsoft.com/support/docs/orf-help/5.4/adm-dns-settings
@Daniel Novak (Vamsoft):
Then this rule would work, I assume.
ORF Server IP Address -> Any External IP Address Allow UDP/TCP port 53
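The rule above is for the perimeter firewall. If the ORF host also runs Windows Defender Firewall with a restrictive outbound policy, the same allowance is needed there. The following script is an added example, not code from the thread or from Vamsoft, and the service executable path is a placeholder: it creates outbound UDP/53 and TCP/53 rules to any remote address (the recursive resolver talks to root, TLD and authoritative servers, so the destination cannot be pinned to one nameserver), scopes them to the ORF service binary when that path exists, and then lists the resulting rules for review.

```powershell
param(
    # Path of the ORF service executable. PLACEHOLDER: set it to your installation's binary.
    [string]$OrfServiceExe = 'C:\PLACEHOLDER\ORF\orf-service.exe'
)

foreach ($proto in 'UDP', 'TCP') {
    $name = "ORF recursive resolver outbound $proto/53"

    # Idempotent: skip creation if a rule with this display name already exists.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        $params = @{
            DisplayName   = $name
            Direction     = 'Outbound'
            Protocol      = $proto
            RemotePort    = 53
            RemoteAddress = 'Any'      # recursive lookups reach arbitrary nameservers
            Action        = 'Allow'
            Profile       = 'Any'
        }
        # Least privilege: restrict the rule to the ORF service when its path is known.
        if (Test-Path $OrfServiceExe) { $params.Program = $OrfServiceExe }
        New-NetFirewallRule @params | Out-Null
    }
}

# Review the rules that are now in place together with their port filters.
Get-NetFirewallRule -DisplayName 'ORF recursive resolver outbound *' |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Enabled    = $_.Enabled
            Protocol   = $pf.Protocol
            RemotePort = $pf.RemotePort
        }
    } | Format-Table -AutoSize
```

Windows allows outbound traffic by default, so these host rules only matter where outbound filtering has been enabled by policy; the perimeter rule restricting DNS to OpenDNS must be relaxed for the ORF server's address regardless. TCP/53 is not optional: resolvers retry over TCP when a UDP answer comes back truncated.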
@Daniel Novak (Vamsoft): I created and enabled the firewall rule, then did the upgrade and enabled the built-in recursive DNS resolver, and all is well.
Actually, after monitoring for a few days I am noticing the DNS timeout counter is running much higher than before. It is currently set with a 12 second timeout. I also notice that DNS caching is not available with the recursive resolver.
@mike.galbicka:
Hello mike,
That is correct, ORF's built-in recursive resolver has its own caching mechanism, thus you cannot share the cached DNS data with other servers (see the related ORF help topic: https://vamsoft.com/support/docs/orf-help/5.4/adm-dns). Furthermore, the built-in resolver depends on the available system resources of the underlying computer, thus it can become resource starved if the server gets overloaded.
I am currently on 5.1 and will be upgrading soon to 5.4. We limit DNS queries with firewall rules to enforce using OpenDNS for content filtering. What type of firewall rule would I need to use this feature?