On 05/06/11 22:56, E.S. Rosenberg wrote:
> Hi,
>
> Is dst easier/faster for squid than dstdomain to handle? I'm asking this because I see a lot of the pre-made black/white lists seem to be of the dst type while it seems to me that dstdomain is more effective and easier to manage since you don't need to add an entry for every single host on a domain you want to block/allow; you just add .domain.tld to the list.
>
> Also as far as I understand when a user tries to use an IP instead of a domain name, if the IP is known to be matched to a domain in a list whatever rule was applied to said list will be applied to the IP even though it is not mentioned specifically in the list?
dstdomain is a bit dynamic. It is fast for domains and "slow" for raw-IP. It does a plain text match on the value the client gave (whether domain FQDN or textual IP representation). If there was a raw-IP AND it is working in a "slow" access list it will look up and try to match on the rDNS.

dst must always look up the IP. So it is always in the "slow" category. On raw-IP requests it can be the faster one.
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2
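
A simplified model of the matching behaviour described in this reply, as an added example that is not part of the original message and is not Squid's code. The lookup tables, hostnames and function names are constructed for illustration; the second element of each result reports whether the model needed a DNS lookup.

```python
import ipaddress

# Constructed lookup tables standing in for DNS so the model runs offline.
FORWARD = {"www.example.com": ["192.0.2.10"], "cdn.example.net": ["198.51.100.7"]}
REVERSE = {"192.0.2.10": "www.example.com"}  # 198.51.100.7 has no PTR record

def is_raw_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_matches(host, entries):
    """Text match; a leading dot covers the domain and all its subdomains."""
    host = host.lower().rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def dstdomain_match(host, entries, allow_lookup=True):
    """Return (matched, lookup_needed) for a dstdomain-style list."""
    if domain_matches(host, entries):
        return True, False            # "fast": text match on what the client sent
    if is_raw_ip(host) and allow_lookup:
        name = REVERSE.get(host)      # "slow": rDNS lookup for a raw-IP request
        return (name is not None and domain_matches(name, entries)), True
    return False, False

def dst_match(host, networks):
    """Return (matched, lookup_needed) for a dst-style list of IP/CIDR entries."""
    raw = is_raw_ip(host)
    addrs = [host] if raw else FORWARD.get(host, [])  # a name needs a DNS lookup
    nets = [ipaddress.ip_network(n) for n in networks]
    hit = any(ipaddress.ip_address(a) in n for a in addrs for n in nets)
    return hit, not raw
```

In this model a raw-IP request whose address has no PTR record is not matched by the dstdomain-style list, so coverage of IP-literal requests depends on the rDNS data being present.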