performance impact of large /etc/hosts files
Alex Zbyslaw
xfb52 at dial.pipex.com
Wed Dec 12 04:31:11 PST 2007
Heiko Wundram (Beenic) wrote:
>On Wednesday, 12 December 2007 13:01:14, Alex Zbyslaw wrote:
>
>><snip explanation>
>>I don't see how a firewall is appropriate for this (hosts.allow,
>>likewise). The point of the exercise is to never even contact the ad host.
>
>Transparent proxy with squid on the firewall? There's even plugins to manage
>exactly this kind of ad-blocking with squid; although I don't currently know
>the extension's name.
>
>This is pretty much going to be your only option to do this in a centralized
>fashion.

Squid may well be an alternative solution, but it's not, imho, a
firewall solution as Nikos was proposing.

I have zero experience of squid beyond reading about it, but it has
always sounded like a major resource hog. Perhaps just running one
plugin to do just this would be OK?

The advantage of /etc/hosts is simplicity. For a small home network of
BSD machines it's pretty trivial to propagate updates. Not even *that*
hard to copy the file to a couple of Windows machines. Beyond that, the
updates could get pretty tedious.

For a network-wide, multi-OS solution I would still look at DNS just
because it's more lightweight than squid. Which is not to say that
someone else shouldn't reach an alternate conclusion :-) Always good to
know what the alternatives are!

Best,
--Alex