Date: Thu, 17 Jul 2008 09:00:01 -0400 From: "Glen Barber" <glen.j.barber@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: New pf install on Freebsd7 seem to be a slow starter. Message-ID: <4ad871310807170600of904ddvfa31f3f1bf2e421d@mail.gmail.com> In-Reply-To: <20080717125540.GA73950@eos.sc1.parodius.com> References: <48750381.1030004@eskk.nu> <4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com> <20080717125540.GA73950@eos.sc1.parodius.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 17, 2008 at 8:55 AM, Jeremy Chadwick <koitsu@freebsd.org> wrote:
> On Thu, Jul 17, 2008 at 08:15:03AM -0400, Glen Barber wrote:
>> Hi. I'm just curious why you decided to use a table for this. I have
>> done something similar (disallowing access to certain domains) using
>> macros as follows:
>>
>> deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
>>
>> and didn't notice 'slowness' at boot. This was on a 6.3-RELEASE box,
>> if that matters.
>
> I don't think it matters if the entries are in a table or in a macro.
>
> Chances are whatever resolver you're using (e.g. an ISPs DNS server, or
> something upstream, versus named on the same box) had all of those
> entries cached, or has very good overall response time for DNS lookups.
> In the case of the OP, I believe he runs his own named.
>
I was under the assumption the OP runs his own DNS server, as that is
how my machine was set up.
Regards,
--
Glen Barber
http://www.dev-urandom.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4ad871310807170600of904ddvfa31f3f1bf2e421d>