On 05/06/11 22:56, E.S. Rosenberg wrote:
> Hi,
> Is dst easier/faster for squid then dstdomain to handle?
> I'm asking this because I see a lot of the pre-made black/white lists
> seem to be of the dst type while it seems to me that dstdomain is more
> effective and easier to manage since you don't need to add an entry
> for every single host on a domain you want to block/allow you just add
> .domain.tld to the list.
> Also as far as I understand when a user tries to use an IP instead of
> a domain name if the IP is known to be matched to a domain in a list
> whatever rule was applied to said list will be applied to the IP even
> though it is not mentioned specifically in the list?
dstdomain is bit dynamic. It is fast for domains and "slow" for raw-IP.
It does a plain text match on the value the client gave (whether domain
FQDN or textual IP representation). If there was a raw-IP AND it is
working in a "slow" access list it will lookup and try to match on the rDNS.
dst must always lookup the IP. So is always "slow" category. On raw-IP
requests it can be the faster one.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.8 and 3.1.12.2Received on Sun Jun 05 2011 - 11:19:32 MDT
This archive was generated by hypermail 2.2.0 : Mon Jun 06 2011 - 12:00:02 MDT