Hi Yutaka, Thanks a lot for information. But I tested for a while, and found when I add new IP address/hostname prefix with '-', it will bypass name resolution, but it's not working, client side get "unmatch PERMIT" error. I still need to remove the prefix '-', then restart delegate, then working. The new IP address added must be resolved, otherwise no working, please see the permit config file and error.log: permitted_clients.cfg: -58.160.64.204 error.log: 05/13 12:00:45 [31377]-P443 E-P: No permission: CPE-58-160-64-204.vic.bigpond.net.au:46502 => http://127.0.0.1:8080 (unmatch PERMIT). If the name resolution (or reverse resolution) is necessary, how can I avoid long time taken by restarting delegate when adding new IP address permitted? Is that possible not to do name resolution (don't refresh them) for the IP/hostnames already existed in Hostlist? Only do name resolution for new IP address added to save restarting time? Thanks again. Kind Regards, David -----Original Message----- From: Yutaka Sato [mailto:pficabdyi-jmfhzl2sqqdw.ml@delegate.org] Sent: Tuesday, 22 April 2008 6:10 PM To: pficabdyi-jmfhzl2sqqdw.ml@delegate.org Cc: pomhqbdyi-jmfhzl2sqqdw.ml@delegate.org Subject: Re: [DeleGate-En] delegated reload very slow most of time. On 04/15/08(10:17) you "David Wang" <pomhqbdyi-jmfhzl2sqqdw.ml@delegate.org> wrote in <002f01c89e96$86b263a0$94172ae0$@wang@firstwave.com.au> |Our version is 9.1.1, we are using it as proxy to access our http/https |server with permitted list. Each time when we add an IP address of our |clients into that permitted list file (most are IP address, few is |hostname), and reload/restart delegated, most time it takes several minutes, |sometimes more than 10 minutes to finish. I checked the log file, it seems |most time cost on gethostbyaddr, {R} SOA got for each IP address or |hostname. The details are below, ... |PERMIT=https:{127.0.0.1:8080}:+=permitted_clients.cfg |PERMIT=https:{xxx.xxx.xxx.xxx:8080}:+=permitted_clients.cfg ... |permitted_clients.cfg is our permitted access list file, which contains our |clients IP address or hostname (more than 95% are IP address). The log file |.../log/443 is: ... |04/15 10:30:35.02 [17431] 0+0: REMITTABLE = https |04/15 10:30:35.08 [17431] 0+0: {R} SOA got |[13.101.150.in-addr.arpa][ns2.on.net][hostmaster.adelaide.on.net] 2008031200 ... |04/15 10:30:39.14 [17431] 0+0: gethostbyaddr(203.45.124.246) unknown[4.02s] ... |04/15 10:30:41.27 [17431] 0+0: gethostbyaddr(203.45.124.10) unknown[2.13s] ... |Could you please tell me how to fix it so as to reload the permitted access |list file more quickly? DeleGate does not do reverse lookup of DNS for a host name or an IP address in HostList when it is prefixed with "-", so your address list file should be like follows: -203.45.124.246 -203.45.124.10 ... <URL:http://www.delegate.org/delegate/Manual.htm#HostList> DISABLING NAME RESOLUTION ( -host ) If a hostname (or a IP-address) is prefixed with "-" like "-hostname" ("-192.168.1.1"), then no name resolution (reverse resolution) will be tried for the hostname (IP-address). This will avoid wasting time in resolution trial for a never resolvable hostname (IP-address). Cheers, Yutaka -- 9 9 Yutaka Sato <pfqcabdyi-jmfhzl2sqqdw.ml@delegate.org> http://delegate.org/y.sato/ ( ~ ) National Institute of Advanced Industrial Science and Technology _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan Do the more with the less -- B. Fuller -------------------------------Safe Stamp----------------------------------- Your Anti-virus Service scanned this email. It is safe from known viruses. For more information regarding this service, please contact your service provider.
V