DNS caching and TLS session resumption should already be activated in your Openfire.
You can view the DNS cache: Server Manager => Cache Summary => DNS Records.
TLS stream resumption is described in XEP-0198 . You can view the Openfire settings for XEP-0198 in System Properties:
The DirectTLS-based server-to-server port is 5270 (see OF-2369 improvement in version 4.7.0).
DNS settings are crucial to get S2S federation to work. Most people forget to add the SRV records for the Openfire sub-domains, e.g.
- ‘conference.openfire.mydomain.org’ for MUC rooms
- ‘search.openfire.mydomain.org’ for user search
- ‘proxy.openfire.mydomain.org’ for file transfer
- ‘broadcast.openfire.mydomain.org’ if the Broadcast plugin is used
- ‘pubsub.openfire.mydomain.org’ for the Publish Subscribe service
But since you use Openfire over INMARSAT, you may also try to use the ‘dnsutil.dnsOverride’ property of Openfire (see github). This article explains how to use it.