Many tests in ORF (e.g. the DNS Blacklist test) rely on DNS information. Having reliable and fast access to DNS is essential for ORF to function properly. To manage the DNS settings, select the page in the left-side navigation pane of the Administration Tool, and click the DNS Settings button.
You can choose from two DNS resolvers provided by ORF. To understand the difference between them, a brief overview of the DNS name resolution process is required.
Name resolution is an iterative process. When looking up the DNS "A" record of example.com, the DNS resolver first contacts one of the well-known root DNS servers, which provide a starting point for all DNS lookups. The root DNS server will not have the DNS data for example.com, but it knows which DNS servers service the .com zone and will respond with a referral to these servers. The DNS resolver then contacts one of these referred servers, which in turn provides a referral to the example.com DNS servers. This cycle of referrals continues until the DNS resolver reaches a name server in the hierarchy which has the answer. This last server in the chain is called an authoritative name server.
A recursive resolver is a DNS client which can do the whole iterative process described above, chasing the referrals until the authoritative name server is found and a final answer is received.
A much more common type of DNS client is called a stub resolver. Stub resolvers rely on a known DNS server for name resolution. Instead of iterating through all servers in the hierarchy, they send a so-called recursive query to the known DNS server, asking it to perform the iterations on their behalf. The server then does the name resolution behind the scenes and returns the answer in a single step. Delegating the complex iteration process to the known DNS server greatly simplifies the process from the resolver's perspective.
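The referral chase and the stub delegation described above, as an added example that is not part of the ORF documentation or ORF's own code. It runs against a constructed in-memory hierarchy (the server names and the 192.0.2.10 address are assumptions, and no network traffic is sent) and returns the list of servers each resolver type contacts, which is why the firewall requirements of the two resolvers differ.

```python
# Constructed, in-memory model of the DNS hierarchy; the server names and the
# address are illustrative assumptions, and no network traffic is generated.
ZONES = {
    "root-server": {"referrals": {"com.": "com-server"}},
    "com-server": {"referrals": {"example.com.": "example-auth-server"}},
    "example-auth-server": {"answers": {("example.com.", "A"): "192.0.2.10"}},
}


def query_server(server, name, rtype):
    """Answer as one name server would: a final answer or a referral."""
    zone = ZONES[server]
    answer = zone.get("answers", {}).get((name, rtype))
    if answer is not None:
        return ("answer", answer)
    # Pick the most specific delegation that covers the queried name.
    matches = [z for z in zone.get("referrals", {})
               if name == z or name.endswith("." + z)]
    if matches:
        return ("referral", zone["referrals"][max(matches, key=len)])
    return ("nxdomain", None)


def recursive_resolve(name, rtype="A", max_referrals=10):
    """Chase referrals from the root, as a recursive resolver does."""
    server, path = "root-server", []
    for _ in range(max_referrals):  # bound the chain to stop referral loops
        path.append(server)
        kind, value = query_server(server, name, rtype)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value  # follow the referral to the next server down
    raise RuntimeError("referral limit exceeded")


def stub_resolve(name, rtype="A"):
    """Send one recursive query to a known DNS server and take its answer."""
    answer, _ = recursive_resolve(name, rtype)  # iteration done by the server
    return answer, ["known-dns-server"]


if __name__ == "__main__":
    print(recursive_resolve("example.com."))
    print(stub_resolve("example.com."))
```

The recursive resolver's contact list changes with every name it looks up, while the stub resolver only ever talks to the known server.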
The table below compares the two resolvers offered by ORF.
Property | Built-In Resolver | External Servers |
---|---|---|
Resolver type | Recursive resolver | Stub resolver |
Setup and maintenance | Effortless | Difficult |
Firewall requirements | Open UDP/53 and TCP/53 to any hosts | Open UDP/53 and TCP/53 to DNS servers |
Cache lifetime | Reset on configuration changes | Refer to DNS server configuration |
Sharing cached data between multiple servers | No | Yes |
We recommend using the built-in resolver unless your situation specifically calls for using external servers. Examples of such situations:
The DNS servers used with ORF must meet the following requirements:
The easiest way to comply with the above-mentioned requirements is to install Microsoft® DNS Server on the computer where ORF is deployed. This software is part of Windows® Server and can be added as a server role; see this article for detailed instructions.
We do not recommend using more than 2 DNS servers in ORF. It is also advised to keep the DNS query timeout low (no more than the default 8 seconds). Using too many DNS servers with high timeout values will result in unexpectedly long email checks when your DNS servers are down, as ORF will wait for each DNS-based test to time out. The sender will eventually give up the delivery attempt, and you may lose legitimate emails.
Click the DNS Settings button on the
page to configure DNS access in ORF. A brief summary of the current DNS settings is displayed below the button. For detailed information, please see the DNS Settings section.
Click the Health Check button to perform a test of the DNS access parameters you specified for ORF.
For more information, see the DNS Health Check section.