DNS Forwarder status

In Security Connector, you can view the health and traffic statistics of DNS Forwarder.

Health status

This table describes health checks that are completed for DNS Forwarder and the mitigation steps that are suggested to resolve a failure. If you cannot resolve an issue, contact Akamai Support.

Operation: Enterprise Resolver Configuration
Description: Checks whether corporate resolvers are configured as Security Connector DNS name servers.
Resolution to Failure: Make sure that you configure the corporate resolvers as the Security Connector DNS name servers. For more information, see Configure DNS name servers.

Operation: Enterprise Resolver Reachability
Description: Checks that corporate DNS resolvers are reachable.
Resolution to Failure:
  • Review the DNS Name Server configuration.
  • Confirm that corporate DNS resolvers are available.

Operation: Akamai DNS Resolver TCP Connectivity
Description: Checks that DNS Forwarder can reach ETP Cloud using TCP.
Resolution to Failure: TCP connectivity issues are likely related to your firewall configuration. Confirm that your organization's firewall allows traffic from DNS Forwarder.

Operation: Akamai DNS Resolver DoT Engine Status
Description: Checks that DNS Forwarder can establish a TLS connection with ETP Cloud for DNS over TLS (DoT).
Resolution to Failure:
  • Confirm that your firewall allows outbound TCP port 443 or 853 for the hostnames *.r11.dot.dns.akasecure.net and *.akaetp.net with dot as the Application-Layer Protocol Negotiation (ALPN) value. The port number depends on the port that you configured for DoT in Security Connector. This configuration is required for DoT connections.
  • Review the configuration of the management interface.

Operation: DNS Resolver Loop Check
Description: Checks that the primary and secondary DNS Forwarders do not send traffic to one another as a result of misconfiguration. This operation also confirms that your corporate resolver does not forward requests to DNS Forwarder. If a loop is detected, the IP address of the server where the loop occurs is listed.
Resolution to Failure:
  • Review the configuration of the management interface.
  • Make sure that your corporate DNS servers direct requests to ETP DNS and do not send requests to the DNS Forwarder.
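
When the Akamai DNS Resolver TCP Connectivity or DoT Engine Status check fails, a probe run from the same network segment shows which stage the firewall is blocking. The script below is an added example, not Akamai code. The function names and result labels are hypothetical, and the hostname and port are the ones configured for your deployment, passed on the command line.

```python
import socket
import ssl
import sys


def tls_stage(sock, host, ctx=None):
    """Run a TLS handshake over an already connected socket, offering ALPN 'dot'."""
    ctx = ctx or ssl.create_default_context()  # verifies certificate and hostname
    ctx.set_alpn_protocols(["dot"])
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            alpn = tls.selected_alpn_protocol()
            if alpn != "dot":
                # Handshake completed but the peer did not agree on 'dot'.
                return ("alpn_mismatch", repr(alpn))
            return ("ok", tls.version())
    except OSError as exc:
        # ssl.SSLError, connection resets and timeouts are all OSError subclasses.
        return ("tls_failed", str(exc))


def probe_dot(host, port=853, timeout=5.0):
    """Return (stage, detail); stage is tcp_failed, tls_failed, alpn_mismatch or ok."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Maps to the TCP Connectivity check: nothing got through on this port.
        return ("tcp_failed", str(exc))
    try:
        # Maps to the DoT Engine Status check: TCP works, TLS/ALPN may not.
        return tls_stage(sock, host)
    finally:
        sock.close()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe_dot.py <dot-hostname> [port]")
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 853
    print(target, target_port, *probe_dot(target, target_port))
```

A result of tcp_failed points at a firewall rule blocking the port, while tls_failed or alpn_mismatch with a working TCP connection suggests an inspecting proxy or middlebox interfering with the TLS session.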

Traffic statistics

When you manage DNS Forwarder, you can view its traffic statistics. This area of Security Connector reports traffic statistics in five-minute intervals. These statistics are based on activity that occurred in the last five-minute interval. The reported time is provided. The statistics automatically update with the next interval.

This data includes the total number of:
  • Queries received by DNS Forwarder
  • Queries that received a response from DNS Forwarder
  • Queries that are resolved by the corporate DNS resolver
  • Queries that are resolved with ETP DNS as a result of DNS over TLS (DoT)
  • Queries sent to ETP DNS as a result of DoT
  • Queries that fall back to ETP DNS through UDP
  • Queries that fall back to Enterprise Resolver
  • Errors