I noticed today that the hit rate on URIBL* rules had dropped to zero since my last round of updates, and after many hours of trying to determine why, which included reviewing BIND configs and packet captures and dissection, I nailed it down to SA making DNS queries without the "recursion desired" flag. Since my local nameservers aren't authoritative for much, this meant a whole lot of "no answer, no error" DNS replies.

It turns out that this is due to an internal change introduced in recent versions of Net::DNS, which SA relied upon to set the RD flag automatically. See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7223 for details and a patch.
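
An added example, not part of the original post and not SpamAssassin or Net::DNS code: a Python check over raw DNS messages (for instance UDP payloads pulled from a packet capture) that flags queries sent with the RD bit clear and the "no answer, no error" replies that follow. The query name and both sample messages are constructed for illustration.

```python
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # DNS header flag bits (RFC 1035)

def build_query(qname, rd=True, txid=0x1234, qtype=1):
    """Build a minimal DNS query; rd controls the 'recursion desired' bit."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def empty_response(query):
    """Constructed reply: NOERROR, zero answers, RD copied from the query."""
    txid, flags = struct.unpack("!HH", query[:4])
    rflags = QR | RA | (flags & RD)
    return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + query[12:]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into the fields we care about."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def diagnose(msg):
    """Classify one message with respect to the missing-RD symptom."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query: RD set" if h["rd"] else \
               "query: RD clear (a non-authoritative resolver will not recurse)"
    if h["rcode"] == 0 and h["ancount"] == 0 and not h["rd"]:
        return "response: NOERROR, no answer, RD clear (lookup was not recursed)"
    return "response: rcode=%d answers=%d" % (h["rcode"], h["ancount"])

if __name__ == "__main__":
    name = "spamdomain.example.dnsbl.example"  # constructed lookup name
    bad = build_query(name, rd=False)
    for m in (build_query(name, rd=True), bad, empty_response(bad)):
        print(diagnose(m))
```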
