Article delegate-en/3973 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3959@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: delegated reload very slow most of time.
13 May 2008 02:32:46 GMT "David Wang" <pomhqbdyi-5vjbuj4tmilr.ml@ml.delegate.org>


Hi Yutaka,

Thanks a lot for information.
But I tested for a while, and found when I add new IP address/hostname
prefix with '-', it will bypass name resolution, but it's not working,
client side get "unmatch PERMIT" error. I still need to remove the prefix
'-', then restart delegate, then working. The new IP address added must be
resolved, otherwise no working, please see the permit config file and
error.log:
permitted_clients.cfg: -58.160.64.204
error.log: 05/13 12:00:45 [31377]-P443 E-P: No permission:
CPE-58-160-64-204.vic.bigpond.net.au:46502 => http://127.0.0.1:8080 (unmatch
PERMIT).
If the name resolution (or reverse resolution) is necessary, how can I avoid
long time taken by restarting delegate when adding new IP address permitted?
Is that possible not to do name resolution (don't refresh them) for the
IP/hostnames already existed in Hostlist? Only do name resolution for new IP
address added to save restarting time?

Thanks again.

Kind Regards,
David

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Tuesday, 22 April 2008 6:10 PM
To: feedback@delegate.org
Cc: pomhqbdyi-5vjbuj4tmilr.ml@ml.delegate.org
Subject: Re: [DeleGate-En] delegated reload very slow most of time.


On 04/15/08(10:17) you "David Wang" <pomhqbdyi-5vjbuj4tmilr.ml@ml.delegate.org> wrote
in <002f01c89e96$86b263a0$94172ae0$@wang@firstwave.com.au>
 |Our version is 9.1.1, we are using it as proxy to access our http/https
 |server with permitted list. Each time when we add an IP address of our
 |clients into that permitted list file (most are IP address, few is
 |hostname), and reload/restart delegated, most time it takes several
minutes,
 |sometimes more than 10 minutes to finish. I checked the log file, it seems
 |most time cost on gethostbyaddr, {R} SOA got for each IP address or
 |hostname. The details are below,
...
 |PERMIT=https:{127.0.0.1:8080}:+=permitted_clients.cfg
 |PERMIT=https:{xxx.xxx.xxx.xxx:8080}:+=permitted_clients.cfg
...
 |permitted_clients.cfg is our permitted access list file, which contains
our
 |clients IP address or hostname (more than 95% are IP address). The log
file
 |.../log/443 is:
...
 |04/15 10:30:35.02 [17431] 0+0: REMITTABLE = https
 |04/15 10:30:35.08 [17431] 0+0: {R} SOA got
 |[13.101.150.in-addr.arpa][ns2.on.net][hostmaster.adelaide.on.net]
2008031200
...
 |04/15 10:30:39.14 [17431] 0+0: gethostbyaddr(203.45.124.246)
unknown[4.02s]
...
 |04/15 10:30:41.27 [17431] 0+0: gethostbyaddr(203.45.124.10) unknown[2.13s]
...
 |Could you please tell me how to fix it so as to reload the permitted
access
 |list file more quickly?

DeleGate does not do reverse lookup of DNS for a host name or an IP address
in HostList when it is prefixed with "-", so your address list file should
be like follows:

-203.45.124.246
-203.45.124.10
...


<URL:http://www.delegate.org/delegate/Manual.htm#HostList>
  DISABLING NAME RESOLUTION ( -host )
    If a hostname (or a IP-address) is prefixed with "-" like "-hostname"
    ("-192.168.1.1"), then no name resolution (reverse resolution) will be
    tried for the hostname (IP-address). This will avoid wasting time in
    resolution trial for a never resolvable hostname (IP-address). 

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

-------------------------------Safe Stamp-----------------------------------
Your Anti-virus Service scanned this email. It is safe from known viruses.
For more information regarding this service, please contact your service
provider.




  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V