GreenArrow Documentation

DNS Cache

GreenArrow Engine comes with a DNS caching server which can dramatically improve performance when compared to querying external DNS servers each time a DNS lookup takes place.

Configuration

In most cases, the only configuration that’s necessary to use GreenArrow’s DNS caching server is to place the following line in the /etc/resolv.conf file:

nameserver 127.0.0.1

127.0.0.1 should be the only nameserver listed in this file. If your GreenArrow server uses a network management application that updates the contents of /etc/resolv.conf, then it may also be necessary to update that service’s name server configuration.
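The requirement above can be checked mechanically, which helps catch a network management application rewriting the file. The following is an added example, not part of GreenArrow or its documentation; the function name check_resolv_conf, its exit codes and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not GreenArrow tooling): verify that 127.0.0.1 is the only
# nameserver in a resolv.conf-style file.
#
# Exit status of check_resolv_conf (chosen for this example):
#   0 = only 127.0.0.1 listed    1 = 127.0.0.1 not listed
#   2 = other resolvers listed   3 = file not readable
check_resolv_conf() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 3; }
    # resolv.conf(5): the keyword must start the line, so commented-out
    # entries such as "#nameserver ..." are ignored here as well.
    awk -v f="$1" '
        /^nameserver[ \t]/ {
            if ($2 == "127.0.0.1") has_local = 1
            else extra = extra " " $2
        }
        END {
            if (!has_local) {
                print "FAIL: " f " does not list nameserver 127.0.0.1"
                exit 1
            }
            if (extra != "") {
                print "FAIL: " f " also lists:" extra
                exit 2
            }
            print "OK: " f " lists only 127.0.0.1"
        }' "$1"
}

# Constructed sample: a file to which a second resolver has been added,
# as a network management application might do.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
search example.com
#nameserver 192.0.2.1
nameserver 127.0.0.1
nameserver 192.0.2.53
EOF
check_resolv_conf "$sample" || echo "check exited with status $?"
rm -f "$sample"
```

On a GreenArrow server, calling check_resolv_conf /etc/resolv.conf from a scheduled job or monitoring check reports when the file no longer points only at the local cache.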

Testing

To verify that GreenArrow’s DNS caching server is running, run the following command. If its output indicates that the service has been running for 5 seconds or longer, then it’s probably functioning normally.

svstat /service/hvmail-dnscache/

Once you’ve verified that GreenArrow’s DNS caching server is running, you can use the dig command to verify that it’s functioning correctly. For example, to look up the MX record for gmail.com, you would run:

dig mx gmail.com @127.0.0.1

Collocating with BIND

GreenArrow’s DNS caching server binds to port 53 on 127.0.0.1. If you’re running BIND on the same server as GreenArrow, BIND can be configured not to bind to 127.0.0.1 by updating the listen-on directive. For example, to only bind to 1.2.3.4 and 1.2.3.5, you would include the following in BIND’s configuration:

listen-on { 1.2.3.4; 1.2.3.5; };

Configuring the DNS Cache’s Upstream Servers

GreenArrow’s DNS caching server queries the IP addresses listed in the /var/hvmail/control/dnscache/root/servers/@ file when it needs to look up a DNS record. The default set of IP addresses can be left in place in most circumstances. To use a different list of DNS servers, update the contents of that file, then restart the dnscache service by running:

svc -t /service/hvmail-dnscache/

After applying this change, perform the steps listed in the Testing section of this document to confirm that the DNS caching server is functioning correctly.

DNS Cache forward-only mode

By default, the DNS caching service treats upstream IPs as root nameservers. If you’d rather it treat these IPs as DNS caching servers, activate the FORWARDONLY setting, then restart the DNS Cache. This is intended for special situations, such as when firewalls prevent GreenArrow’s DNS caching server from querying other upstream DNS servers.

In forward-only mode, GreenArrow’s DNS caching service treats the server(s) listed in /var/hvmail/control/dnscache/root/servers/@ as recursive DNS resolvers. The default IPs in that configuration file are not intended to be used as DNS caches, so if you activate the FORWARDONLY setting, be sure to delete all of the default IPs in that configuration file and replace them with your own.

Once you have updated the IP addresses in that config, run these commands to enable the FORWARDONLY setting:

echo 1 > /var/hvmail/control/dnscache/env/FORWARDONLY
svc -t /service/hvmail-dnscache/

After applying this change, perform the steps listed in the Testing section of this document to confirm that the DNS caching server is functioning correctly.

DNS Caching within greenarrow-remote

greenarrow-remote, the program that attempts deliveries within GreenArrow Engine, contains its own DNS cache. Entries in this cache are stored for a maximum of 6 minutes.

Thus, if a problem in the resolver is fixed or a DNS record is changed, it may take up to 6 minutes for GreenArrow Engine to attempt a new lookup.