Hi,
As i know smg only checks dnsbl only against the connecting ip and not the ips within the "received" headers.
Only a few products and dnsbl give you the possibility to activate this feature, eg spamhaus tells you not to use it - https://www.spamhaus.org/zen
DNSBL (or RBL, same just other name) is based on ips. By activating dnsbl your server askes a dns service for an ip. There's an ip behind a domain, too. So no difference ...
What do you mean by "Because the domain name check is still done after ..."?
You dont have the possibility to activate dnsbl there. Or did i just missed something?
Sorry, but (from my prospective) you have to think about the architecture or adding dnsbl at the first tier.
Thomas