...
NOTE: A local DNS caching server should not forward to other DNS servers to ensure your queries are not combined with others. Forwarding to other DNS servers often results in URIBL_BLOCKED or similar rule hits meaning you have gone over their free usage limit. More info about this can be found in FAQ.
Wikipedia DNS Server feature matrix
Dnsmasq should not be used by SpamAssassin since it can only forward to other DNS servers.
An advanced setup is possible atleast with Unbound and BIND, where queries are forwarded by default to another DNS servers, but exceptions like Spamhaus can be made to go direct. Using global forwarders like Cloudflare (1.1.1.1) or Google (8.8.8.8) can actually improve performance, since their huge caches help with all the common stuff like DKIM, SPF, PTR/MX lookups etc.
Unbound
Packaging varies slightly between distributions so refer Internet articles for details and current information for your OS version. The default configuration files should give us a desired caching non-forwarding DNS server listening locally only.
...