https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6372
--- Comment #19 from Dave Jones <[email protected]> --- Just an FYI. I am seeing about 500,000 unique IPs on my SA mirrors running sa-update the past two days. It's not an exact number of SA instances due to NAT and not everyone could be running sa-update regularly, but it's an rough number to work with. Due to DNS caching and SA instances pointing to ISP/Google/OpenDNS/etc. DNS servers, this doesn't mean that the ubl.unsubscore.com will be hit directly by half-a-million IPs. Also, in addition to the single ns1 NS record issue for ubl.unsubscore.com, it's NS record TTL is set to 600 seconds. If this is a static NS record, then it should be at least 3600 or 7200. Most of the time NS records should be 86400 or higher unless there is some specific reason that NS records need to change quickly for some advanced HA setup. Check out google.com's NS records which are set at days not minutes. Currently if ns1.ubl.unsubscore.com went offline for more than 600 seconds for any reason, then the whole zone will drop off of the Internet -- DNS caches would flush all records and not be able serve responses to new DNS queries to ubl.unsubscore.com. https://intodns.com/ubl.unsubscore.com Another thing, the SOA serial is 16 which is a bit odd too since this zone should be changing every few minutes when records are added/updated/removed. The SOA serial is really only used in traditional slaving but it's also informative of DNS hosting health. -- You are receiving this mail because: You are the assignee for the bug.
