Well 0.14 (compared to 0.11) has definately cut the DNS queries down to size....... almost.... I notice one strange thing, after resolving a redirected URL it seems to perform a DNS lookup on the actual URL as well as looking it up on SURBL. For example:
query: evergreen--munged--wholesaledist.info.ws.surbl.org IN A query: yahoo.com.sc.surbl.org IN A query: rd.yahoo.com IN A
The first query is the properly extracted redirect URL, the second query is the base of the URL, yahoo.com, but the third query puzzles me. Why look up rd.yahoo.com itself ?
Hmm. I think you might be seeing the name server resolution for the HTTP GET request. I am only doing name server lookups against the RBL hence all the queries directly related to SpamCopURI should have something on the right hand side.
You do an HTTP GET request on the URL ? Ah, that would explain the dns query, although I'm not sure why you'd want to do an HTTP GET request from a potentially hostile server ? Or do you only do this with servers listed as redirectors ?
Regards, Simon