On Wed, 15 Nov 2017 12:03:58 -0500 Rob McEwen wrote:
> Why is this "Direct DNS Querying Per DNSBL Zone" feature > needed/important? In most of these cases you'd be better-off simply setting "dns_server" in the SA configuration. This eliminates the effect of changes to resolv.conf, and the setting takes a port value, so it needn't even point to localhost:53. The change does provide a benefit where an admin can't even start a daemon on a non-standard port, but I think its general usefulness has been greatly inflated. What is interesting about this is if it were implemented in full, with DNS caching, it wouldn't be much more difficult to have SA do an NS look-up to find authoritative servers for each list. That would allow network tests to work correctly by default.
