Date:      Thu, 17 Jul 2008 05:55:40 -0700
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        Glen Barber <glen.j.barber@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: New pf install on Freebsd7 seem to be a slow starter.
Message-ID:  <20080717125540.GA73950@eos.sc1.parodius.com>
In-Reply-To: <4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com>
References:  <48750381.1030004@eskk.nu> <4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com>

On Thu, Jul 17, 2008 at 08:15:03AM -0400, Glen Barber wrote:
> Hi.  I'm just curious why you decided to use a table for this.  I have
> done something similar (disallowing access to certain domains) using
> macros as follows:
> 
> deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
> 
> and didn't notice 'slowness' at boot.  This was on a 6.3-RELEASE box,
> if that matters.

I don't think it matters if the entries are in a table or in a macro.

Chances are whatever resolver you're using (e.g. an ISP's DNS server, or
something upstream, versus named on the same box) had all of those
entries cached, or has very good overall response time for DNS lookups.
In the case of the OP, I believe he runs his own named.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
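
The reply ties ruleset load time to how quickly the resolver answers for each hostname, since pfctl resolves hostnames when it loads the ruleset. The following is an added example, not part of the original message: it pulls hostnames out of pf.conf brace lists and times one lookup per name. The table line, the function names and the simplified brace-list parsing are assumptions for illustration.

```python
import ipaddress
import re
import socket
import time

# Constructed sample: the macro is the one quoted in the thread, the table
# line is made up for illustration.
SAMPLE_PF_CONF = """
deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
table <blocked> persist { 192.0.2.10, 198.51.100.0/24, badsite.com }  # dup name
"""

HOSTNAME = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def is_address(token):
    """True for IP addresses and CIDR networks, which need no DNS lookup."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def hostnames_in(conf_text):
    """Unique hostnames inside { ... } lists, in order of first appearance."""
    text = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    found = []
    for body in re.findall(r"\{([^}]*)\}", text):
        for token in re.split(r"[,\s]+", body.strip()):
            if HOSTNAME.fullmatch(token) and not is_address(token) and token not in found:
                found.append(token)
    return found

def time_lookups(names, resolve=socket.getaddrinfo):
    """Resolve each name once; return (name, seconds, resolved) tuples."""
    results = []
    for name in names:
        start = time.monotonic()
        try:
            resolve(name, None)
            ok = True
        except OSError:  # socket.gaierror is a subclass
            ok = False
        results.append((name, time.monotonic() - start, ok))
    return results

if __name__ == "__main__":
    timed = time_lookups(hostnames_in(SAMPLE_PF_CONF))
    for name, secs, ok in sorted(timed, key=lambda r: r[1], reverse=True):
        print(f"{secs:7.3f}s  {'ok' if ok else 'FAILED'}  {name}")
```

Running it twice in a row shows the caching effect the reply describes: the second pass is normally much faster because the resolver already holds the answers.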



