>My experiments on real mail servers show that DNS caching is quite
>ineffective for DNSBLs (at least for typical ones like Spamhaus that
>use a short TTL on the order of 15-30 minutes.)
That's consistent with what I've seen, although you probably won't be surprised to hear that I have higher hopes for my range published DNSxLs than David does, partly because I expect them to be used for whitelists, which tend to cache better for technical reasons.

But if you're looking for a DNS cache, I highly recommend unbound. I used to use dnscache but got tired of its limitations (due entirely to it being unchanged since 1998.) My copy of unbound runs about 27M real RAM, 44M virtual, which is pretty modest on my 12G server.

R's,
John