performance impact of large /etc/hosts files

Alex Zbyslaw xfb52 at
Wed Dec 12 04:31:11 PST 2007

Heiko Wundram (Beenic) wrote:

>Am Mittwoch, 12. Dezember 2007 13:01:14 schrieb Alex Zbyslaw:
>><snip explanation>
>>I don't see how a firewall is appropriate for this (hosts.allow,
>>likewise).  The point of the exercise is to never even contact the ad host.
>Transparent proxy with squid on the firewall? There's even plugins to manage 
>exactly this kind of ad-blocking with squid; although I don't currently know 
>the extension's name.
>This is pretty much going to be your only option to do this in a centralized 
Squid may well be an alternative solution, but it's not, imho, a 
firewall solution as Nikos was proposing.

I have zero experience of squid beyond reading about it, but it has 
always sounded like a major resource hog.  Perhaps just running one 
plugin to do just this would be OK?

The advantage of /etc/hosts is simplicity.  For a small home network of 
BSD machines it's pretty trivial to propagate updates.  Not even *that* 
hard to copy the file to a couple windows machines.  Beyond that, the 
updates could get pretty tedious.

For a network-wide, multi-OS solution I would still look at DNS just 
because it's more lightweight than squid.  Which is not to say that 
someone else shouldn't reach an alternate conclusion :-)  Always good to 
know what the alternatives are!



More information about the freebsd-questions mailing list