TLD questions
-
Hey folks,
i enabled tld in pfblockerng-dev last night and was wondering about the performance.
looked around at the posts of others and some say their system crashed or whatever.. i didn't face that issue, although my ram temporarily went up to over 75% (of a 16gig system, which is kind of incredible considering how lean and efficient bsd is), and my /var folder temporarily filled to 98% (and i devoted 1Gig to it and /tmp).
i guess i understand how it has to process all the subdomains, etc.. and i understand how it increases security, so here's my question:
once all the subdomains have been processed, doesn't it effectively 'shrink' the list? put another way, if it's blocking an entire domain instead of filtering out the subdomains, wouldn't that increase performance?
put yet another way, www.crap.com/this_weeks_crap/todays_special_crap, which would normally take multiple ip addresses, has now been whittled down to just blocking www.crap.com altogether..
i guess i have to study more on how ip ranges work.. it seems to me that just blocking the top domain saves all the trouble of the particulars of the subdomains, which (in many cases) results in faster performance.
thanks for the education and patience
-
You posted your question in the IDS/IPS forum by mistake. I suspect you wanted to post in the pfBlockerNG/pfBlockerNG-devel forum instead.
-
@bmeeks yes you're correct.
sorry about that