Re: [squid-users] why is the UDP port for DNS queries kept "open"?

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Wed, 20 Mar 2002 09:13:54 +1000 (EST)

Hi,

On Tue, 19 Mar 2002, Steve Bremer wrote:

> Yes, this is a good idea, but it isn't the problem I'm having. My
> tcp/udp port 53 is closed on the external interface. My problem is
> trying to stop squid from listening on all interfaces on a udp port >
> 1023.

I suspect it was done to try and keep things simple. Look at what is being
done against the alternative.

What is being done: squid opens ONE udp port and leaves it open. All DNS
requests go out through this port. All answers come back to this port. All
squid has to do is keep track of which query each answer belongs to.

Alternative: for EVERY dns request that cannot be answered from its
internal cache, open a UDP socket, send a request and wait for a response
to that port. Squid still has to keep track of which query a response
belongs to but now it must use many more sockets (file descriptors). This
uses kernel resources (sockets/file descriptors, memory, ...) and squid
resources (memory, probably a call-back for each open socket...) - makes
squid slower and more complex. You could potentially use a hundred or more
DNS sockets on a busy system.

Colin
Received on Tue Mar 19 2002 - 16:14:15 MST
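Added illustration of the single-socket design Colin describes (this is example code written for this page, not Squid's resolver and not code from the original post): the resolver sends every query through one socket, keeps a table of outstanding queries keyed by the 16-bit DNS ID, and matches each datagram that comes back against that table. The names, addresses and the stand-in nameserver reply builder are constructed for the example. One caveat a practitioner would want alongside the design: with a single fixed source port, the 16-bit ID is the only value an off-path spoofer has to guess, so the demultiplexer below also insists that the question echoed in a response matches the one it sent before accepting the answer, and later resolvers additionally randomise the source port per query.

```python
import os
import struct

# Added example (not Squid's code): a resolver that sends every query over ONE
# UDP socket keeps a table of outstanding queries keyed by the 16-bit DNS ID
# and matches each incoming datagram against it. All names and addresses
# below are constructed sample data.


def encode_name(name):
    """Encode "www.example.com" as DNS labels: 3www7example3com0."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def decode_name(buf, off):
    """Decode a label sequence at buf[off], following one compression pointer.
    Returns (name, offset just past the encoded name)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            ptr = ((n & 0x3F) << 8) | buf[off]
            tail, _ = decode_name(buf, ptr)
            labels.append(tail)
            return ".".join(labels), off + 1
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


class SingleSocketResolver:
    """Demultiplexes all DNS answers arriving on one socket by query ID."""

    def __init__(self, rng=os.urandom):
        self.pending = {}      # id -> (qname, qtype) still waiting for an answer
        self.rng = rng

    def build_query(self, qname, qtype=1):
        """Return the wire-format query and remember it under a fresh random ID."""
        while True:
            qid = struct.unpack("!H", self.rng(2))[0]
            if qid not in self.pending:           # never reuse an ID in flight
                break
        self.pending[qid] = (qname.lower(), qtype)
        header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1
        return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

    def handle_response(self, pkt):
        """Match a datagram to a pending query. Returns (id, qname, [A records])
        or None if the packet is not an answer to something we asked."""
        if len(pkt) < 12:
            return None
        qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
        if not flags & 0x8000 or qdcount != 1:    # not a response, or malformed
            return None
        if qid not in self.pending:               # unsolicited, stale or duplicate
            return None
        name, off = decode_name(pkt, 12)
        qtype, _ = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        # The ID alone is only 16 bits of entropy; also insist that the echoed
        # question is the one we sent before accepting the answer.
        if (name.lower(), qtype) != self.pending[qid]:
            return None
        del self.pending[qid]
        answers = []
        for _ in range(ancount):
            _, off = decode_name(pkt, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10
            rdata, off = pkt[off:off + rdlen], off + rdlen
            if rtype == 1 and rdlen == 4:
                answers.append(".".join(str(b) for b in rdata))
        return qid, name, answers


def build_response(query, ips):
    """Constructed stand-in for a nameserver: echo the ID and question, add A RRs."""
    qid = struct.unpack("!H", query[:2])[0]
    _, off = decode_name(query, 12)
    question = query[12:off + 4]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(ips), 0, 0)
    rrs = b""
    for ip in ips:
        rrs += (b"\xc0\x0c"                        # name: pointer to the question
                + struct.pack("!HHIH", 1, 1, 300, 4)
                + bytes(int(x) for x in ip.split(".")))
    return header + question + rrs


def demo():
    r = SingleSocketResolver()
    q1 = r.build_query("www.example.com")
    q2 = r.build_query("mail.example.org")
    # Answers come back on the same socket in any order; the table sorts them out.
    second_first = r.handle_response(build_response(q2, ["192.0.2.25"]))
    first = r.handle_response(build_response(q1, ["192.0.2.10", "192.0.2.11"]))
    # A duplicate of an already-consumed answer no longer matches anything.
    duplicate = r.handle_response(build_response(q1, ["192.0.2.10"]))
    return second_first, first, duplicate, len(r.pending)


if __name__ == "__main__":
    print(demo())
```

The pending table is the whole cost of the one-socket design: a dict entry per outstanding query instead of a socket per query, which is the trade Colin is describing. Feeding it a reply whose ID is right but whose question section names a different host returns None and leaves the query pending, which is the check that a fixed-port resolver needs at minimum.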

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:00 MST