On Fri, Aug 27, 2004 at 05:19:07PM -0400, Jason Opperisano wrote:
> long answer: it has been discussed on this list previously that
> connection tracking DNS queries/responses on or for a busy DNS server
> (i think the number was ~ 200 queries/second) will slow the name
> resolution process down. the reason being that the state creation
> adds noticeable, unnecessary latency, as most (all?) queries are one
> packet request--one packet response.

I've a vague recollection of being able to specify that a rule won't
create an entry in the state table, so for situations like this netfilter
can act faster, as long as you specify the correct rules for connections
both ways. However, I can't find anything in the documentation about
this... after a cursory look... can anyone refresh my memory?

-- 
mors omnia vincit
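One way to do what the poster describes is the raw table's NOTRACK target, which is consulted before connection tracking so matching packets never create a state entry. The following is an added example, not code from this thread or its participants; it assumes an iptables with the raw table and the conntrack match available, an inbound interface eth0 and a constructed server address 192.0.2.53.

```shell
#!/bin/sh
# Added example: exempt a busy DNS server's UDP port-53 traffic from
# connection tracking in both directions, then accept it explicitly.
# Assumptions: iptables with the raw table, the NOTRACK target and the
# conntrack match; eth0 and 192.0.2.53 are constructed sample values.
# Set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"

dns_notrack_rules() {
    ifname="$1"
    server="$2"
    # Raw table runs before conntrack: queries to the server (PREROUTING)
    # and replies from it (OUTPUT) skip state creation entirely.
    "$IPT" -t raw -A PREROUTING -i "$ifname" -p udp -d "$server" --dport 53 -j NOTRACK
    "$IPT" -t raw -A OUTPUT -o "$ifname" -p udp -s "$server" --sport 53 -j NOTRACK
    # Untracked packets never match ESTABLISHED/RELATED, so the filter
    # table must accept them explicitly. Keep the match narrow (UDP/53 to
    # and from this server only) so nothing else bypasses stateful checks.
    "$IPT" -A INPUT -i "$ifname" -p udp -d "$server" --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
    "$IPT" -A OUTPUT -o "$ifname" -p udp -s "$server" --sport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT
}

# Usage: dns_notrack_rules eth0 192.0.2.53   (IPT=echo for a dry run)
```

TCP port 53 (zone transfers, large responses) is deliberately left tracked here; only the one-packet UDP exchange the quoted message describes is exempted.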