Anyone else doing this or something similar should stop doing it post haste!
Jeff:
I appreciate your advice. But I'd like some clarification.
1st, I'm not a SpamAssassin user. In fact, none of your particular suggestions (so far) regarding local whitelisting will benefit me.
2nd, I'm running the TreeWalk DNS caching server on my Windows 2000 server and everything running on my box looks to this application for DNS resolution. TreeWalk by default goes to the root servers for advice... except where I have specified otherwise in some "forwarders" strategically set up. Some of these point to my Hosting provider's DNS server... some point elsewhere.
3rd, ...and most important... this TreeWalk DNS server is **local only**. It is NOT a DNS server that propagates info elsewhere and it ONLY serves up domain resolution to applications running on my box. In fact, there is security set up where my TreeWalk implementation will NOT serve requests from outside my box.
Therefore, I **think** that most of your gravest concerns are not applicable???
Finally, the app that I'm using for DNSBL lookups doesn't provide a means to manually whitelist individual entries.
For all these reasons, I see no other choice but to try to override these settings on my server at the DNS level. Sure, doing this to whitelist SURBLs on my DNS caching server is mostly for performance reasons. Therefore, one could argue that it is not worth the hassle just to squeak a little extra performance since these will often be cached from previous lookups.
However, I have no choice but to do this with some OTHER DNSBLs that I use. For example, I do similar lookups with SpamHaus and with MailPolice and there are occasional instances where they are too aggressive. I don't want to NOT use them. I just want to have a means to surgically bypass a **few** of their blocks and doing this in the BIND config files at the **local** DNS caching server level is most efficient. (assuming that I can eventually get the syntax correct!!!)
Again, I'm sure that there must be a way for me to get what I want... and it seems like even if I'm doing something that isn't "by the book" there must be a way to accomplish it without the more nasty repercussions that you refer to.
Any suggestions/comments?
Thanks,
Rob McEwen