I found out the hard way that if you switch from the default Google DNS servers (located in /etc/resolv.conf for CentOS 12) and use Cloudflare DNS of 1.1.1.1 and 1.0.0.1, which are faster for my server location, your inbound email will most likely fail, as spamhaus.org will reject the query and reject the message.
It's been posted before, somewhat, here:
Apparently there is a way around it, but you have to sign up for something.
It will be interesting to see what people are doing about this. Do people even care about a 0.2ms DNS lookup difference?
I always use my own DNS resolver (PowerDNS Recursor). Here is a test using a few common public DNS resolvers and my own resolver (127.0.0.1).
My own resolver isn’t the fastest on a first query (it is the second fastest), and that is because public resolvers could have the query already cached, but it is fastest on average.
```
$ dnseval -f list-dns -c 25 -t A 127.0.0.127.zen.spamhaus.org
server      avg(ms)   min(ms)   max(ms)   stddev(ms)   lost(%)   ttl    flags                  response
-----------------------------------------------------------------------------------------------------------------
1.1.1.1     22.555    4.848     38.482    12.826       %0        2100   QR -- -- RD RA -- --   NOERROR
1.0.0.1     9.053     4.829     37.138    9.087        %0        2100   QR -- -- RD RA -- --   NOERROR
8.8.8.8     6.980     3.827     25.382    4.934        %0        N/A    QR -- -- RD RA -- --   NXDOMAIN
8.8.4.4     4.186     3.781     4.603     0.215        %0        N/A    QR -- -- RD RA -- --   NXDOMAIN
9.9.9.9     19.463    9.081     62.395    12.969       %0        2099   QR -- -- RD RA -- --   NXDOMAIN
9.9.9.10    15.939    9.204     31.869    6.497        %0        2099   QR -- -- RD RA -- --   NOERROR
127.0.0.1   0.939     0.056     21.717    4.329        %0        N/A    QR -- -- RD RA -- --   NXDOMAIN
```
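Added example, not part of either post above: a mail-server-side check that tells a real zen.spamhaus.org listing apart from an error answer, so a resolver change can be verified before it affects inbound mail. The 127.255.255.x values are Spamhaus's documented error return codes and the test points follow RFC 5782; the function names are illustrative.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus reserves 127.255.255.0/24 for error answers, not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
ERROR_CODES = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query came via public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Classify A records from a DNSBL lookup; [] stands for NXDOMAIN."""
    if not answers:
        return ("not_listed", [])
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    errors = [str(a) for a in addrs if a in ERROR_NET]
    if errors:  # treating these as listings rejects legitimate mail
        return ("resolver_error",
                [ERROR_CODES.get(e, "unknown error code") for e in errors])
    if all(a in LOOPBACK for a in addrs):
        return ("listed", [str(a) for a in addrs])
    return ("unexpected", [str(a) for a in addrs])  # rewritten/wildcard answer

def lookup(ip, zone=ZONE):
    """Query through the system resolver (the one in /etc/resolv.conf)."""
    try:
        return classify(socket.gethostbyname_ex(dnsbl_name(ip, zone))[2])
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return ("not_listed", [])
        return ("lookup_failed", [str(exc)])

def resolver_health(zone=ZONE):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return {"127.0.0.2": lookup("127.0.0.2", zone),
            "127.0.0.1": lookup("127.0.0.1", zone)}

if __name__ == "__main__":
    for ip, result in resolver_health().items():
        print(ip, result)
```

A healthy resolver gives `listed` for 127.0.0.2 and `not_listed` for 127.0.0.1; `resolver_error` for both means the DNSBL is answering with an error code rather than listing data.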