From owner-freebsd-pf@FreeBSD.ORG  Thu Jul 17 12:55:40 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 732731065675
	for <freebsd-pf@freebsd.org>; Thu, 17 Jul 2008 12:55:40 +0000 (UTC)
	(envelope-from jdc@parodius.com)
Received: from mx01.sc1.parodius.com (mx01.sc1.parodius.com [72.20.106.3])
	by mx1.freebsd.org (Postfix) with ESMTP id 6916A8FC1B
	for <freebsd-pf@freebsd.org>; Thu, 17 Jul 2008 12:55:40 +0000 (UTC)
	(envelope-from jdc@parodius.com)
Received: by mx01.sc1.parodius.com (Postfix, from userid 1000)
	id 19AD61CC09B; Thu, 17 Jul 2008 05:55:40 -0700 (PDT)
Date: Thu, 17 Jul 2008 05:55:40 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Glen Barber <glen.j.barber@gmail.com>
Message-ID: <20080717125540.GA73950@eos.sc1.parodius.com>
References: <48750381.1030004@eskk.nu>
	<4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4ad871310807170515x5b553661yd64245f7daf2dd61@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jul 2008 12:55:40 -0000

On Thu, Jul 17, 2008 at 08:15:03AM -0400, Glen Barber wrote:
> Hi.  I'm just curious why you decided to use a table for this.  I have
> done something similar (disallowing access to certain domains) using
> macros as follows:
> 
> deny_sites="{ badsite.com , www.myspace.com , badsite2.com }"
> 
> and didn't notice 'slowness' at boot.  This was on a 6.3-RELEASE box,
> if that matters.

I don't think it matters if the entries are in a table or in a macro.

Chances are whatever resolver you're using (e.g. an ISPs DNS server, or
something upstream, versus named on the same box) had all of those
entries cached, or has very good overall response time for DNS lookups.
In the case of the OP, I believe he runs his own named.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |