You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2018/10/02 19:14:26 UTC

[Spamassassin Wiki] Update of "CachingNameserver" by HenrikKrohns

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.

The "CachingNameserver" page has been changed by HenrikKrohns:
https://wiki.apache.org/spamassassin/CachingNameserver?action=diff&rev1=39&rev2=40

  
  SpamAssassin will perform many DNS lookups for NetworkTests to significantly improve scoring of messages primarily by DNSBlocklists like Spamhaus, SORBS, etc.  This information needs to be cached locally to improve performance and limit the number of external DNS queries since some DNSBlockLists have limits on free usage.
  
- NOTE: A local DNS caching server should not forward to other DNS servers to ensure your queries are not combined with others.  Forwarding to other DNS servers often results in URIBL_BLOCKED rule hits meaning you have gone over their free usage limit.
+ NOTE: A local DNS caching server should not forward to other DNS servers to ensure your queries are not combined with others.  Forwarding to other DNS servers often results in URIBL_BLOCKED or similar rule hits meaning you have gone over their free usage limit.  More info about this can be found in [[https://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block|FAQ]].
  
  [[https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software#Feature_matrix|Wikipedia DNS Server feature matrix]]
  
  Dnsmasq should not be used by SpamAssassin since it can only forward to other DNS servers.
+ 
+ An advanced setup is possible atleast with Unbound and BIND, where queries are forwarded by default to another DNS servers, ''but exceptions like Spamhaus can be made to go direct''.  Using global forwarders like Cloudflare (1.1.1.1) or Google (8.8.8.8) can actually improve performance, since their huge caches help with all the common stuff like DKIM, SPF, PTR/MX lookups etc.
  
  == Unbound ==
  Packaging varies slightly between distributions so refer Internet articles for details and current information for your OS version.  The default configuration files should give us a desired caching non-forwarding DNS server listening locally only.