https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8280
--- Comment #8 from William Herrin <herrin-spamassas...@dirtside.com> --- Dig uses resolv.conf unless overridden on the command line (which I did not). nsswitch and the related libraries are not involved in DNS TXT lookups; they're only for IP address lookups related to the getaddrinfo() series of calls. Debian stable's Net::DNS is version 1.36. Using a simple script, I confirmed that it does fall back to TCP for the overdrive.com TXT lookup. Debian stable's Mail::SPF is version 2.9.0. Using a simple script, I confirmed that it does fall back to TCP for the overdrive.com TXT lookup. However, when Spamassassin does its whole series queries (including the overdrive.com TXT lookup), the tcpdumps do not show a fall back to TCP. I notice that /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm has a bunch of logic for connecting to the DNS server via UDP (connect_sock, Type => SOCK_DGRAM) but no logic for establishing a TCP connection to the resolver (SOCK_STREAM). Unclear why it would need any logic for UDP if it relies on Net::DNS for the connection to the resolver... Have you specifically checked the SPF module for TCP fallback? If your recursive resolver allows large EDNS UDP packets, it won't send a truncated response for overdrive.com. -- You are receiving this mail because: You are the assignee for the bug.