DNS caching service (dnscache)

Revision as of 19:31, 20 March 2019 by Phoenix

   KB 21979        Last updated on 2019-03-20  

Starting with Zimbra Collaboration 8.5, a DNS caching service is available for installation. It is targeted specifically at MTA nodes and could be a good fit for single-server installations. Three of our supported features rely heavily on DNS lookups:

  • DKIM verification
  • SpamAssassin Scoring
  • Postfix RBLs for spam blocking

However, the remote sites that provide SpamAssassin scoring and Postfix RBLs do *not* like heavy DNS traffic overloading their servers: DNS blocklists often run on a "free for some" model and/or limit the number of queries you can perform to make the most of their resources. Prolonged overuse of their DNS systems will get your MTAs blacklisted from those services, severely reducing their effectiveness.

How it works

dnscache adds a local DNS cache server to each MTA server that keeps the results of external DNS requests. With it, the MTA server needs to ask the public DNS only once for the DNS information of an external domain; on later lookups the MTA asks itself instead, which saves bandwidth and keeps the MTA from being blacklisted for high DNS request traffic.

How to enable it

To ensure your MTAs do not get blacklisted, the DNS caching package is now part of Zimbra Collaboration. General setup:

Answer [Y] to install zimbra-dnscache
When prompted, list the IP(s) of the site's local DNS servers

The installer will automatically reconfigure the DNS cache as the primary resolver for the OS.

If you did not provide any DNS server IP, dnscache uses Google DNS (8.8.8.8) by default.

You can start, stop, restart, or reload the service, or check its status, with the following command as the zimbra user:

 /opt/zimbra/bin/zmdnscachectl

NOTE: SHOULD NOT BE INSTALLED ON SYSTEMS THAT ALREADY HAVE BIND OR OTHER DNS SERVICES INSTALLED. Instead, the client should configure such servers to also act as a DNS cache.

Check the DNSMasterIP

You can check which DNSMasterIP values your dnscache is using; there can be more than one:

zmprov getServer `zmhostname` | grep DNSMasterIP
zimbraDNSMasterIP: 8.8.8.8

Add a DNSMasterIP

You can also add more DNSMasterIP values at any time, for instance after adding a new internal DNS server or if you want upstreams in addition to the Google ones. For example:

zmprov ms `zmhostname` +zimbraDNSMasterIP  8.8.8.8

Remove a DNSMasterIP

To remove a DNSMasterIP that was entered incorrectly, or whose DNS server is no longer available, run the following command:

zmprov ms `zmhostname` -zimbraDNSMasterIP  8.8.8.8

Testing the DNS caching service (dnscache)

For example, make a DNS request for mail.google.com. The first request takes 62 ms because the MTA asks dnscache, and dnscache asks the public DNS:

root@lab1:/home/oper# host -a mail.google.com
Trying "mail.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5818
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.google.com.               IN      ANY

;; ANSWER SECTION:
mail.google.com.        21599   IN      TXT     "google-site-verification=PncXpRKRCAlDAdlesTtNFf6k9TvgxgcRfojdaKkEACY"
mail.google.com.        21599   IN      CNAME   googlemail.l.google.com.

Received 141 bytes from 127.0.0.1#53 in 62 ms

The second request takes 0 ms because the MTA asks dnscache, which already has the information cached, so the lookup adds no latency and uses no bandwidth:

root@lab1:/home/oper# host -a mail.google.com
Trying "mail.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52424
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.google.com.               IN      ANY

;; ANSWER SECTION:
mail.google.com.        21593   IN      TXT     "google-site-verification=PncXpRKRCAlDAdlesTtNFf6k9TvgxgcRfojdaKkEACY"
mail.google.com.        21593   IN      CNAME   googlemail.l.google.com.

Received 141 bytes from 127.0.0.1#53 in 0 ms
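
The check performed by eye above can be scripted. The following is an added example, not part of the original article or of Zimbra's tooling: it parses two `host -a` transcripts and confirms that both were answered by 127.0.0.1, that the record TTL counted down rather than reset, and that the second lookup was no slower. The function names are hypothetical, and the TTL comparison assumes the two lookups were run at least one second apart.

```shell
#!/usr/bin/env bash
# Added example (not from the Zimbra wiki): check two `host -a` transcripts
# for evidence that the second answer came from the local dnscache.

# Print "<server> <query_ms> <lowest_answer_ttl>" for a transcript on stdin.
parse_host_output() {
  awk '
    /^Received [0-9]+ bytes from / { split($5, a, "#"); server = a[1]; ms = $(NF-1) }
    # Answer records look like: name TTL IN type rdata
    $3 == "IN" && $2 ~ /^[0-9]+$/ { t = $2 + 0; if (!seen || t < ttl) { ttl = t; seen = 1 } }
    END { if (server == "" || !seen) exit 1; print server, ms, ttl }
  '
}

# Exit 0 when both answers came from 127.0.0.1, the TTL counted down instead of
# resetting, and the second lookup was no slower. Exit 2 on unparsable input.
is_cache_hit() {
  local first second s1 ms1 ttl1 s2 ms2 ttl2
  first=$(printf '%s\n' "$1" | parse_host_output) || return 2
  second=$(printf '%s\n' "$2" | parse_host_output) || return 2
  read -r s1 ms1 ttl1 <<EOF
$first
EOF
  read -r s2 ms2 ttl2 <<EOF
$second
EOF
  [ "$s1" = "127.0.0.1" ] && [ "$s2" = "127.0.0.1" ] &&
    [ "$ttl2" -lt "$ttl1" ] && [ "$ms2" -le "$ms1" ]
}

# Abbreviated from the two transcripts shown on this page.
FIRST='mail.google.com.        21599   IN      CNAME   googlemail.l.google.com.
Received 141 bytes from 127.0.0.1#53 in 62 ms'
SECOND='mail.google.com.        21593   IN      CNAME   googlemail.l.google.com.
Received 141 bytes from 127.0.0.1#53 in 0 ms'

if is_cache_hit "$FIRST" "$SECOND"; then
  echo "second lookup served by local dnscache"
else
  echo "no evidence of a local cache hit"
fi
```

On a live MTA, pass the captured output of two consecutive `host -a` runs to `is_cache_hit` in place of the embedded samples.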

Additional Content

ID Name Type Since Description
1569 zimbraDNSMasterIP string 8.5.0 IP Address(es) of the root DNS servers to be used by the DNS cache service
1584 zimbraDNSUseTCP enum 8.5.0 For zimbra dnscache, whether or not to use TCP. Defaults to yes
1586 zimbraDNSUseUDP enum 8.5.0 For zimbra dnscache, whether or not to use UDP. Defaults to yes
1597 zimbraDNSTCPUpstream enum 8.5.0 For zimbra dnscache, whether or not to only use TCP when talking to the upstream Master DNS servers. Defaults to no

Identified Support Issues

  • No Support issues reported yet.
Verified Against: Zimbra Collaboration Suite 8.5 Date Created: 08/04/2014
Article ID: https://wiki.zimbra.com/index.php?title=DNS_caching_service_(dnscache) Date Modified: 2019-03-20


