On 13/02/2003, Laurent Cheylus <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]: > In this case, if www.example.com has multiple IP adress (round-robin DNS > configuration for a Web server), what is the comportement of pf_parser at reload > of rules ? > > Will PF load a rule for each IP given by www.example.com DNS resolution ?
yes. is it so hard to just test this? :) % cat /tmp/resolv.pf pass in from any to www.hotmail.com % pfctl -vnf /tmp/resolv.conf pass in inet from any to 64.4.44.7 pass in inet from any to 64.4.52.7 pass in inet from any to 64.4.53.7 pass in inet from any to 64.4.43.7 % host -t a www.hotmail.com www.hotmail.com A 64.4.53.7 www.hotmail.com A 64.4.43.7 www.hotmail.com A 64.4.44.7 www.hotmail.com A 64.4.52.7 but mind you, some setups are even more weird, like % host -t a www.microsoft.com [.several times.] you will see that they "round robin the round robin" ... always fuckup :) well, you can use a bit more liberal catch by 64.4/16 or something
