On Tue, Jun 07, 2011 at 07:03:34AM -0400, Wietse Venema wrote:

> Note the following difference.
>
> postscreen caches that the client IS NOT listed in DNSBL.
> It doesn't cache clients that are listed.
>
> DNS servers cache that the client IS listed in DNSBL.
> They don't cache non-existent DNSBL records.

This depends on the negative TTL of the RBL zone. Generally, RBL zones
have comparable positive and negative TTLs. For example Zen seems to
have a 3 minute negative TTL:

    $ dig +noall +ans +auth -t a 127.2.0.192.zen.spamhaus.org
    zen.spamhaus.org. 150 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1106071530 3600 600 432000 150

And a 15 minute positive TTL:

    $ dig +noall +ans -t a 126.145.66.190.zen.spamhaus.org
    126.145.66.190.zen.spamhaus.org. 900 IN A 127.0.0.4
    126.145.66.190.zen.spamhaus.org. 900 IN A 127.0.0.11

--
Viktor.
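
Added example, not part of the original post: a small parser that reads dig output like the two replies quoted above and reports how long a resolver may cache each result. It assumes the RFC 2308 rule that a negative answer is cached for the lower of the SOA record's TTL and the SOA MINIMUM field; the function names are illustrative.

```python
# Added example. Sample lines are the dig output quoted in the post above.
NEGATIVE_REPLY = (
    "zen.spamhaus.org. 150 IN SOA need.to.know.only. "
    "hostmaster.spamhaus.org. 1106071530 3600 600 432000 150"
)
POSITIVE_REPLY = """\
126.145.66.190.zen.spamhaus.org. 900 IN A 127.0.0.4
126.145.66.190.zen.spamhaus.org. 900 IN A 127.0.0.11
"""


def parse_rrs(text):
    """Yield (owner, ttl, rtype, rdata) for each RR line of dig output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue  # blank line or dig comment
        if len(fields) < 5 or not fields[1].isdigit() or fields[2] != "IN":
            raise ValueError(f"not an RR line: {line!r}")
        yield fields[0], int(fields[1]), fields[3], fields[4:]


def negative_ttl(authority_text):
    """Seconds 'not listed' may be cached: min(SOA TTL, SOA MINIMUM)."""
    for _, ttl, rtype, rdata in parse_rrs(authority_text):
        if rtype == "SOA":
            if len(rdata) != 7:
                raise ValueError("SOA rdata needs 7 fields")
            return min(ttl, int(rdata[6]))
    raise ValueError("no SOA record: negative answer is not cacheable")


def positive_ttl(answer_text):
    """Seconds 'listed' may be cached: lowest TTL among the A records."""
    ttls = [ttl for _, ttl, rtype, _ in parse_rrs(answer_text) if rtype == "A"]
    if not ttls:
        raise ValueError("no A records in answer")
    return min(ttls)


if __name__ == "__main__":
    print("not-listed result cached for", negative_ttl(NEGATIVE_REPLY), "s")
    print("listed result cached for", positive_ttl(POSITIVE_REPLY), "s")
```

When the query goes through a caching resolver rather than to the zone's own name servers, the TTLs dig prints are the remaining lifetimes and count down between queries.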