From owner-freebsd-questions@FreeBSD.ORG Wed Dec 12 12:35:28 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FB8F16A417 for ; Wed, 12 Dec 2007 12:35:28 +0000 (UTC) (envelope-from nvass@teledomenet.gr) Received: from smtp.teledomenet.gr (smtp.teledomenet.gr [213.142.128.2]) by mx1.freebsd.org (Postfix) with ESMTP id 4227A13C4D3 for ; Wed, 12 Dec 2007 12:35:28 +0000 (UTC) (envelope-from nvass@teledomenet.gr) Received: by smtp.teledomenet.gr (Postfix, from userid 58) id 65B0914220F; Wed, 12 Dec 2007 14:35:27 +0200 (EET) X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on smtp.teledomenet.gr X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3 Received: from iris (unknown [192.168.1.71]) by smtp.teledomenet.gr (Postfix) with ESMTP id 91AE31420E6; Wed, 12 Dec 2007 14:35:24 +0200 (EET) From: Nikos Vassiliadis To: Alex Zbyslaw Date: Wed, 12 Dec 2007 14:38:01 +0200 User-Agent: KMail/1.9.7 References: <475E0190.7030909@pacific.net.sg> <200712120920.46626.nvass@teledomenet.gr> <475FCD8A.5090903@dial.pipex.com> In-Reply-To: <475FCD8A.5090903@dial.pipex.com> X-NCC-RegID: gr.telehouse MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200712121438.01515.nvass@teledomenet.gr> Cc: freebsd-questions@freebsd.org Subject: Re: performance impact of large /etc/hosts files X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Dec 2007 12:35:28 -0000 On Wednesday 12 December 2007 14:01:14 Alex Zbyslaw wrote: > but I'm going to spend *forever* before I get all those IP addresses > from a round-robin DNS entry to put into some ipfw table, No, it's going to take something like 5 minutes. At least for a 1420 lines hosts file. > and if any of > those addresses also hosts the main site, I end up blocking that too. Yes, but I doubt there is any other service on these web servers. > > I don't see how a firewall is appropriate for this (hosts.allow, > likewise). The point of the exercise is to never even contact the ad > host. The point of the exercise is not that apparent to everybody. > If I've misunderstood something about your approach, please enlighten > me. You misunderstood something, just because you and some people do it, does is it make it the legitimate usage of /etc/hosts? That's not the apparent usage of /etc/hosts to everyone. I said I need more info, and I tried to guess what he does. Please read the whole thread before trying to be that didactic! Cheers, Nikos