Thomas Preißler wrote:
Already tried that. When using unbound as a local caching nameserver and 156.154.70.1 as the resolver, spamassassin produces the same error message. The same happens when unbound accesses the root nameservers directly and acts as a local resolver. But when unbound caches 8.8.8.8 there is no error message from spamassassin.
Do you have a firewall in place that tries to do a deep packet inspection
on DNS UDP packets but does not understand EDNS0 (the OPT RR) ? Try capturing a query & response with 156.154.70.1 on the wire (e.g.: tcpdump -s 0 -w 0.log 'host 156.154.70.1 or icmp' ) while running your mail sample through spamassassin, and see if there is anything funny there. Mark