Date: 4 Jul 2011 19:26:13 -0000
Message-ID: <20110704192613.56994.qmail@joyce.lan>
From: "John Levine"
To: users@spamassassin.apache.org
Cc: dfs@roaringpenguin.com
Subject: Re: TTL and DNSBLs (was Re: SpamTips.org: Why run your own DNS server?)
In-Reply-To: <20110704092419.36e1936d@hydrogen.roaringpenguin.com>

>My experiments on real mail servers show that DNS caching is quite
>ineffective for DNSBLs (at least for typical ones like Spamhaus that
>use a short TTL on the order of 15-30 minutes.)

That's consistent with what I've seen, although you probably won't be surprised to hear that I have higher hopes for my range published DNSxLs than David does, partly because I expect them to be used for whitelists, which tend to cache better for technical reasons.

But if you're looking for a DNS cache, I highly recommend unbound. I used to use dnscache but got tired of its limitations (due entirely to it being unchanged since 1998.) My copy of unbound runs about 27M real RAM, 44M virtual, which is pretty modest on my 12G server.

R's,
John