Resolve DNS Forwarder status failures

In Security Connector, you can view the health and traffic statistics of DNS Forwarder.

Health status

This table describes health checks that are completed for DNS Forwarder and the mitigation steps that are suggested to resolve a failure. If you cannot resolve an issue, contact Akamai Support.

To view the DNS Forwarder health status, see View DNS Forwarder health status.

| Operation | Description | Resolution to Failure |
| --- | --- | --- |
| Enterprise Resolver Configuration | Checks to see whether corporate resolvers are configured as Security Connector DNS name servers. | Make sure that you configure the corporate resolvers as the Security Connector DNS name servers. For more information, see Configure DNS name servers. |
| Enterprise Resolver Reachability | Checks to see that corporate DNS resolvers are reachable. | • Review the DNS Name Server configuration.<br>• Confirm that corporate DNS resolvers are available. |
| Akamai DNS Resolver TCP Connectivity | Checks that DNS Forwarder can reach ETP Cloud using TCP. | TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic from DNS Forwarder. |
| Akamai DNS Resolver DoT Engine Status | Checks that DNS Forwarder can establish a TLS connection with ETP Cloud for DoT. | • Confirm that your firewall allows outbound TCP port 443 or 853 for hostname `.akaetp.net` with `dot` as the ALPN. The port number depends on the port that you configured for DoT in Security Connector. This configuration is required for DoT connections.<br>• Review the configuration of the management interface. |
| DNS Resolver Loop Check | Checks that the primary and secondary DNS Forwarders do not send traffic to one another as a result of misconfiguration.<br><br>This operation also confirms that your corporate resolver does not forward requests to DNS Forwarder.<br><br>If a loop is detected, the IP address of the server where the loop occurs is listed. | • Review the configuration of the management interface.<br>• Make sure that your corporate DNS servers direct requests to <> DNS and do not send requests to the DNS Forwarder. |
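
When the DNS Resolver Loop Check fails, it can help to audit the forwarding configuration you intended against what is deployed. The following is an added example, not Akamai code and not how Security Connector performs its check: it assumes you can write your forwarding rules down as a map of server IP to upstream IPs (a hypothetical format), and the addresses are constructed documentation addresses.

```python
from typing import Dict, List

# Constructed sample (RFC 5737 addresses), hypothetical config format:
# each key is a DNS server, each value lists the servers it forwards to.
SAMPLE_FORWARDING: Dict[str, List[str]] = {
    "192.0.2.10": ["192.0.2.53"],  # primary DNS Forwarder -> corporate resolver
    "192.0.2.11": ["192.0.2.53"],  # secondary DNS Forwarder -> corporate resolver
    "192.0.2.53": ["192.0.2.10"],  # corporate resolver -> DNS Forwarder (misconfigured)
}


def find_forwarding_loops(forwarding: Dict[str, List[str]]) -> List[List[str]]:
    """Return each distinct forwarding loop once, as a list of server IPs."""
    loops: List[List[str]] = []
    seen = set()

    def walk(server: str, path: List[str]) -> None:
        if server in path:
            # The loop is the part of the path from the first visit onward.
            cycle = path[path.index(server):]
            # Rotate so the same loop found from different starts compares equal.
            pivot = cycle.index(min(cycle))
            key = tuple(cycle[pivot:] + cycle[:pivot])
            if key not in seen:
                seen.add(key)
                loops.append(list(key))
            return
        # Servers with no entry are treated as terminal upstreams.
        for upstream in forwarding.get(server, []):
            walk(upstream, path + [server])

    for start in forwarding:
        walk(start, [])
    return loops


def servers_in_loops(forwarding: Dict[str, List[str]]) -> List[str]:
    """Return the sorted IPs of every server that takes part in a loop."""
    return sorted({ip for loop in find_forwarding_loops(forwarding) for ip in loop})


if __name__ == "__main__":
    for loop in find_forwarding_loops(SAMPLE_FORWARDING):
        print("forwarding loop:", " -> ".join(loop + loop[:1]))
```
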
