https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6372
--- Comment #16 from Dave Jones <[email protected]> --- Now that we have the ruleset updates rolling again, I would like to put these rules in with low scores to start testing. This could cause a high volume of DNS queries to ubl.unsubscore.com. Mike Augustine, Are you ready for this new DNS load on ubl.unsubscore.com? I am only seeing a single DNS server ns1.unsubscore.com hosting the ubl subdomain. That's a little odd since the parent unsubscore.com has both ns1 and ns2. Usually there would be the same NS records or more (not less) on the subdomain -- especially not a single DNS server. Even if 64.38.116.15 is BGP-backed by a number of DNS servers, there should be at least 2 NS records following best practices. Is ns1.unsubscore.com and ns2.unsubscore.com BGP-backed by multiple DNS servers around the world? I have no way to estimate the DNS volume but I know it's going to be significant. Once it's enabled, it could take 24 hours to disable if there is a problem. I don't want this to DOS your DNS servers. I guess we could put a version check around the new rules and start out with 3.4.1 to limit the DNS queries to those running the latest version of SA. Then if that is OK we would lower the version number until all "modern" versions are covered then remove the version check completely. This is the only way I know of to ease it in slowly. -- You are receiving this mail because: You are the assignee for the bug.
