5.3 ORF Online Help
Select your ORF version:

Table of Contents

DNS

The automated tests of ORF (such as the DNS Blacklist test) rely on DNS lookups. It is essential to have a DNS server which can perform lookups in a timely fashion and provide up-to-date information to ORF. To manage the DNS settings, select the SystemDNS page in the left-side navigation pane of the Administration Tool.

DNS Server requirements

DNS servers should/must meet the following requirements:

  • They must support recursion
    Recursion means the DNS server returns the query result in a single step instead of redirecting ORF to the root DNS servers. This feature in enabled by default in Microsoft® DNS servers.
  • They should be on the local network or on the ORF computer
    Using ISP DNS servers and third-party DNS resolution services (such as OpenDNS or Google Public DNS) is discouraged: you have no control of the configuration of such third-party party DNS servers, and these are usually banned by free DNS and URL Blacklist lookup services (i.e., they will not reply to the queries or return false data).
  • They should not use forwarders (e.g., ISP DNS servers)
    Forwarders usually work with a large cache, which is usually no problem in simple name resolution, but will cause inaccurate (outdated) query results to be returned when checking online DNS and URL blacklists, causing degraded filtering performance.
  • They should not be the DNS servers which support your Active Directory
    Occasionally, ORF may need to query the records of your own domain (e.g., for the SPF test). If your internal AD domain name is the same as your public domain name (e.g., domain.com, instead of domain.local or domain.internal), ORF may receive different DNS information than the publicly available. This may cause false positives or other issues.

The easiest way to comply with the above mentioned requirements is to install Microsoft® DNS Server on the computer where ORF is deployed. This software is part of Windows® Server and can be added as a server role, see this article for detailed instructions.

Other recommendations

We do not recommend using more than 2 DNS servers in ORF. It is also suggested to keep DNS query timeout low (no more than the default 12 seconds). Using too many DNS servers with high timeout values will result in unexpectedly long email checks when your DNS servers are down, as ORF will wait for each DNS-based test to time out. Sender will give up the delivery attempt eventually, and you may lose legitimate emails.

DNS settings

By clicking the DNS Settings button, you can configure the DNS server(s) ORF will use for lookups, set the timeout, and configure DNS caching among other things. A brief summary of the current DNS settings is displayed below the above mentioned button.

For detailed instructions, please see the DNS Settings section.

Health check

Click the Health Check button to perform a test of the DNS servers you specified for ORF.

For more information, see the DNS Health Check section.

Copyright © Vamsoft Ltd. 2024. All rights reserved. Document ID adm-dns, version 1.