Re: SW firewall speed drop :-(
- From: "Sebastian G." <seppi@xxxxxxxxx>
- Date: Fri, 02 Nov 2007 01:36:46 +0100
Lars-Erik Østerud wrote:
> Sebastian G. wrote:
>> It gets parsed only once. It's the lookup time that goes up when combining it with the caching.
> But why doesn't the lookup time go up with the DNS client disabled?
> The "hosts" file is still searched (entries in it still do work).
> I find it strange that lookup is slower WITH the DNS client. Weird.
That's not weird at all. Just think through what the DNS client does when it receives a request from a program:
1. look it up in the HOSTS lists. If found, return the entry.
2. look it up in the cache. If found, return the entry.
3. query the primary DNS resolver for the entry
4. return the entry
5. if the reply was recursive or redirected, check if the entry isn't already on the HOSTS list
6. store the entry in the cache
Without the caching:
1. look it up in the HOSTS lists. If found, return the entry.
2. query the primary DNS resolver for the entry
3. return the entry
As you can see, for some code paths the computational effort for finding an entry is bigger with caching.
Going through a large HOSTS file is essentially implemented as a linear list search. One could do better, but it's not optimized for the scenario BECAUSE ONLY IDIOTS ABUSE THE HOSTS FILE FOR SOMETHING THAT SHOULD BE DONE WITHIN THE APPLICATION OR AT LEAST AT A PROPER PACKET FILTER.
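
Added example (not part of the original post, and not the Windows DNS Client's code): a small Python model of the two step lists above that counts linear HOSTS comparisons and upstream queries. The class and function names, the sample names and addresses, and the reading of step 5 as a second scan for the redirect target are assumptions.

```python
# Model of the lookup orders listed in the post. It only counts work;
# it performs no real DNS traffic. All names and addresses are constructed.

class Resolver:
    def __init__(self, hosts, upstream, caching):
        self.hosts = hosts        # list of (name, addr), searched linearly
        self.upstream = upstream  # name -> (addr, redirect_target or None)
        self.caching = caching
        self.cache = {}
        self.comparisons = 0      # HOSTS entries compared so far
        self.queries = 0          # upstream resolver queries so far

    def _scan_hosts(self, name):
        for entry_name, addr in self.hosts:
            self.comparisons += 1
            if entry_name == name:
                return addr
        return None

    def lookup(self, name):
        addr = self._scan_hosts(name)            # step 1: HOSTS first
        if addr is not None:
            return addr
        if self.caching and name in self.cache:  # step 2: cache
            return self.cache[name]
        self.queries += 1                        # step 3: ask the resolver
        addr, target = self.upstream[name]
        if self.caching:
            if target is not None:               # step 5 (assumed reading):
                self._scan_hosts(target)         # rescan for redirect target
            self.cache[name] = addr              # step 6: store in cache
        return addr                              # step 4: return the entry


def measure(caching, hosts_size=10000, repeats=3):
    """Return (HOSTS comparisons, upstream queries) for repeated lookups
    of one name that is not in a HOSTS list of hosts_size entries."""
    hosts = [(f"blocked{i}.example", "0.0.0.0") for i in range(hosts_size)]
    upstream = {"www.example.org": ("192.0.2.10", "cdn.example.net")}
    resolver = Resolver(hosts, upstream, caching)
    for _ in range(repeats):
        resolver.lookup("www.example.org")
    return resolver.comparisons, resolver.queries


if __name__ == "__main__":
    print("without caching:", measure(False))
    print("with caching:   ", measure(True))
```

In this model the cache saves upstream queries but never saves a HOSTS scan, because the HOSTS list is consulted before the cache on every lookup and once more on the redirected cache-miss path.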