FTGate and reliable DNS

In order for mail to be delivered both to and from your server, for filtering to be performed and for sender validation, your FTGate server will need access to a reliable DNS server. This is so that names can be converted to addresses, delivery information, blacklists et al can be checked.

Unlike most connection types on the internet, DNS uses a packet transmission system rather than opening a connection. A request is made by sending a packet to a server and waiting for a response. If the DNS server is down, or busy, or doesn’t service that type of request you often get no reply at all. So the mail server just will just sit there waiting for a reply until it times out. This will happen for every request. So an unreliable DNS will bring your server to a complete standstill.

Your ISP should give you the address of their DNS servers, and this should be used as the DNS server for your FTGate PC. This gives the fastest response and their servers should be reliable.

However, we have seen a rise in customers who are using a public DNS service, either because they don’t know their ISP’s DNS address or because of their ISP doesn’t have a DNS server (which is very bad if they are offering a business service).

The most common of these are GoogleDNS and OpenDNS. The GoogleDNS is not suitable in any way for use with a mail server. It only stores records for web browsing and all other traffic will fail. The OpenDNS servers will respond to most requests but will fail for many SPF and blacklist lookups, making them pretty much useless for business and we have noted that they appear to have periods during which they do not respond.

We would recommend that you use the ISP DNS servers whenever possible, but in the event of their not offering a complete service to their customers you can always run your own inexpensive DNS server on the same PC as FTGate.

We have used the product SimpleDNS (http://www.simpledns.com/) here and have found it to be suitable for most business sizes and can recommend it to our customers. Please note that we are in no way associated with SimpleDNS.