John McMonagle wrote: > Considerations: > Do not want to stop lookups of advocap.org > Don't want to stop transfers to/from slaves. Isn't that via tcp anyway?
Yes, it is. > > advocap.org doesn't have that much to lookup. Only about a dozen entries > and suspect most are for mail.advocap.org www.advocap.org and for spf text. > > Any idea what good limits would be? I'm using "Limit:none:5,60" and it has slowed the bogus queries reaching my DNS server down to a trickle. Legitimate DNS servers should cache any response and since I only have a few hosts, this seemed like a reasonable setting to me. YYMV. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
