Re: /bzr/squid3/trunk/ r9887: Docs: dstdomain is a 'FAST' group ACL.

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Sun, 09 Aug 2009 22:47:58 +0200

Sun 2009-08-09 at 12:38 +1200, Amos Jeffries wrote:

> Worst-case;
> adding slow dstrdns which always converts what's given to IP and then
> converts that to rDNS may be a possibility.

I'd rather see an option to dstdomain to disable rDNS lookups if
undesired. It by default does a reverse lookup to stop some of the
bypass attempts when used as a filter, and adding yet another acl for
reverse lookups just complicates life with no added benefit.

In terms of documentation it's better to clearly document when an acl
lookup is fast or "slow". For quite many purposes even slow type acls are
suitable to be used in fast paths (when the acl data is already cached
and false negatives are not a big issue).

Regards
Henrik
Received on Sun Aug 09 2009 - 20:48:07 MDT
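
A simplified model of the behaviour discussed in this message, added here as an example; it is not Squid's code and was not posted in the thread. The `rdns` and `slow_path` parameters, the function names and the sample addresses and hostnames are constructed for illustration: `rdns=False` stands for the proposed option to disable reverse lookups, and `slow_path=False` stands for a fast path that may only use answers already in the cache.

```python
import ipaddress

# Constructed sample data: documentation address range, made-up names.
PTR_RECORDS = {"192.0.2.10": "www.blocked.example",
               "192.0.2.20": "cdn.blocked.example"}

def domain_matches(host, patterns):
    """dstdomain-style match: '.blocked.example' covers the domain and subdomains."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dstdomain_match(host, patterns, cache, rdns=True, slow_path=True):
    """Return True when the request host matches the domain list.

    cache     -- dict of reverse-lookup answers that are already known
    rdns      -- False models disabling the reverse lookup entirely
    slow_path -- False models a fast check that cannot wait for DNS
    """
    if not is_ip_literal(host):
        return domain_matches(host, patterns)
    if not rdns:
        return False          # an IP literal can never match a name-based list
    name = cache.get(host)
    if name is None and slow_path:
        name = PTR_RECORDS.get(host)   # stands in for a blocking PTR query
        if name is not None:
            cache[host] = name
    if name is None:
        return False          # uncached on a fast path: a false negative
    return domain_matches(name, patterns)
```

With a filter list of `.blocked.example`, a request for `192.0.2.10` is missed when `rdns=False` and caught by default, and a fast-path check for `192.0.2.20` only matches once a slow-path lookup has filled the cache.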
