Version: 0.16

DNS Resolver

The DNS resolver translates human-readable domain names into IP addresses and other machine-readable records. It is used throughout the MTA for MX lookups, IP reputation queries, MTA-STS policy retrieval, and many other operations.

The DNS resolver is configured on the DnsResolver singleton (found in the WebUI under Settings › Network › DNS › DNS Resolver). It is a multi-variant object: each instance selects one of several resolver backends, and the chosen variant determines which fields apply. The supported variants are:

  • System: use the operating-system resolver configured on the host.
  • Cloudflare: use Cloudflare's public DNS service. A TLS option is available via the variant fields.
  • Quad9: use Quad9's public DNS service. A TLS option is available via the variant fields.
  • Google: use Google's public DNS service.
  • Custom: use a list of DNS servers supplied via the servers field. Each entry is a DnsCustomResolver with its own address, port (default 53), and protocol (udp, tcp, or tls).

DNSBL lookups are typically performed against the system resolver or a custom resolver, since most public DNSBL services do not accept queries from public open resolvers.

Common settings

Every variant exposes the following fields with identical semantics:

  • preserveIntermediates: whether to preserve intermediate name servers in resolution results. Default true.
  • concurrency: maximum number of concurrent resolution requests. Default 2.
  • timeout: time after which a resolution request is considered failed. Default 5 seconds.
  • attempts: number of times a resolution request is retried before failing. Default 2.
  • tcpOnError: whether to retry over TCP when a UDP query errors. Default true.
  • enableEdns: whether to enable EDNS, required for some DNS features such as DNSSEC. Default true.

A System-resolver configuration using the default values:

{
  "@type": "System",
  "preserveIntermediates": true,
  "concurrency": 2,
  "timeout": "5s",
  "attempts": 2,
  "tcpOnError": true,
  "enableEdns": true
}

A custom resolver pointing at two local DNS servers and one public one:

{
  "@type": "Custom",
  "servers": [
    {"address": "192.0.2.1", "port": 55, "protocol": "udp"},
    {"address": "192.0.2.3", "port": 55, "protocol": "tcp"},
    {"address": "8.8.8.8"}
  ]
}
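
A small linter for the resolver object described on this page, added here as an illustration and not part of the project's own code. It applies the documented defaults and flags Custom servers on public addresses that are not set to tls; that warning policy, the name lint_resolver, and the assumption that address is an IP literal are choices of this example.

```python
import ipaddress

VARIANTS = {"System", "Cloudflare", "Quad9", "Google", "Custom"}
PUBLIC_VARIANTS = {"Cloudflare", "Quad9", "Google"}
PROTOCOLS = {"udp", "tcp", "tls"}
# Defaults as documented on this page for every variant.
COMMON_DEFAULTS = {"preserveIntermediates": True, "concurrency": 2,
                   "timeout": "5s", "attempts": 2,
                   "tcpOnError": True, "enableEdns": True}


def lint_resolver(cfg):
    """Return (effective_config, findings) for one DnsResolver object."""
    variant = cfg.get("@type")
    if variant not in VARIANTS:
        return None, [f"error: unknown variant {variant!r}"]
    findings = []
    effective = {**COMMON_DEFAULTS, **cfg}
    for key in ("concurrency", "attempts"):
        value = effective[key]
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            findings.append(f"error: {key} must be a positive integer")
    if variant in PUBLIC_VARIANTS:
        findings.append("note: public resolver; most public DNSBL services "
                        "do not accept its queries")
    if variant != "Custom":
        return effective, findings
    servers = []
    for i, entry in enumerate(cfg.get("servers", [])):
        server = {"port": 53, **entry}  # documented default port
        servers.append(server)
        try:
            # Assumption of this example: address is an IP literal.
            addr = ipaddress.ip_address(server.get("address", ""))
        except ValueError:
            findings.append(f"note: servers[{i}] address is not an IP literal")
            continue
        proto = server.get("protocol")  # default is not stated on the page
        if proto is not None and proto not in PROTOCOLS:
            findings.append(f"error: servers[{i}] protocol {proto!r} is unknown")
        elif addr.is_global and proto != "tls":
            findings.append(f"warn: servers[{i}] {addr} is a public address "
                            "and is not set to tls")
    effective["servers"] = servers
    return effective, findings


# The Custom example from this page, reproduced as input.
PAGE_EXAMPLE = {"@type": "Custom", "servers": [
    {"address": "192.0.2.1", "port": 55, "protocol": "udp"},
    {"address": "192.0.2.3", "port": 55, "protocol": "tcp"},
    {"address": "8.8.8.8"}]}
```

Calling lint_resolver(PAGE_EXAMPLE) returns the configuration with defaults filled in and a single warning for the 8.8.8.8 entry.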