>[One should run a caching DNS server on a mail server.]
>> We are giving you solid advice based on real experiences where we
>> ran into problems and worked around them. Just try to enable RBLs
>> and see how it works for you.
>I'm not disputing that running a caching DNS server is a good idea, but
>you may be quite surprised at the low cache hit rate for IP-based DNSBLs.
>Spamhaus, for example, has a TTL of 1 minute on its A records. (Check
>out "host -v 2.0.0.127.sbl.spamhaus.org" if you don't believe me.)
>Quite a number of years ago, I ran an analysis of the mail logs on a
>very busy server and found an abysmally low cache hit rate (about 30%),
>and that was in the day when Spamhaus had a 15-minute TTL.

My point was that running a local caching server is the only way one can know exactly how the lookups are happening. If you point to a DNS server that you don't manage, it could be forwarding to an ISP's DNS caches, which will aggregate your queries with everyone else's and could cause unexpected results for those RBLs that limit queries.

I have 8 mail filters, each running a local caching DNS server that forwards to a pair of DNS caches running rbldnsd with a local copy of a number of RBL zones, including my own private RBL. This configuration has to provide some caching benefit when I get blasted by mass marketing campaigns. Postfix should keep my local cache populated, so that when SA asks for the same DNS information it gets a response within a few milliseconds.

I should take some time to do some real analysis as you have done. Thanks for the info and link.
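The exchange above turns on how much a local cache can actually help when the DNSBL zone hands out a 1-minute TTL. The following is an added example, not code from anyone in this thread: it replays a constructed sequence of sender lookups through a TTL-bounded cache and reports the hit rate for the 60-second TTL mentioned above versus the old 15-minute one. The zone name and the 127.0.0.2 test address come from the quoted "host -v" check; the sender addresses (198.51.100.7 and 203.0.113.x) and their timing are made up for illustration, and the model assumes positive and negative answers both carry the same TTL.

```python
"""Added example (not from the thread): replay DNSBL lookups against a
TTL-bounded local cache to see how the zone's TTL drives the hit rate.
The lookup sequence below is constructed for illustration."""
import ipaddress
from typing import Dict, List, Sequence, Tuple

ZONE = "sbl.spamhaus.org"  # zone queried in the thread's "host -v" check


def dnsbl_qname(ip: str, zone: str = ZONE) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the zone.
    '127.0.0.2' in sbl.spamhaus.org -> '2.0.0.127.sbl.spamhaus.org'."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def cache_hit_rate(lookups: Sequence[Tuple[float, str]], ttl: float,
                   zone: str = ZONE) -> float:
    """Replay (timestamp, sender IP) lookups through a caching resolver.

    A name is answered from cache while now < its expiry; anything else is
    a miss that goes upstream and (re)fills the entry for one TTL.
    Positive and negative answers are modelled alike, both carrying the
    same TTL (an assumption of this example). Returns hits / lookups."""
    expires: Dict[str, float] = {}
    hits = 0
    for now, ip in lookups:
        name = dnsbl_qname(ip, zone)
        if name in expires and now < expires[name]:
            hits += 1
        else:
            expires[name] = now + ttl
    return hits / len(lookups) if lookups else 0.0


def constructed_lookups() -> List[Tuple[float, str]]:
    """Constructed traffic, not real log data: one bulk sender hitting the
    server every 20 s for 10 minutes (30 lookups), interleaved with 20
    one-off senders that are each seen exactly once."""
    bulk = [(float(t), "198.51.100.7") for t in range(0, 600, 20)]
    singles = [(15.0 + 29.0 * n, f"203.0.113.{n}") for n in range(1, 21)]
    return sorted(bulk + singles)


if __name__ == "__main__":
    traffic = constructed_lookups()
    print("lookups:", len(traffic))
    for ttl in (60, 900):  # 1-minute TTL vs. the old 15-minute TTL
        print(f"TTL {ttl:>4}s  hit rate {cache_hit_rate(traffic, ttl):.0%}")
```

With this traffic the same bulk sender is answered from cache 20 times out of 30 at a 60-second TTL but 29 times out of 30 at 900 seconds, while the one-off senders miss regardless; overall that is 40% versus 58%. The model is deliberately simple (no negative-TTL handling, no prefetch), so treat it as a way to reason about your own logs rather than as a measurement.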