On 9 September 2011 08:54, Holger Glaess <gla...@glaessixs.de> wrote:
> hi
>
> i wrote a perl daemon to handle all these situations.
>
> he resolves the servername and adds or deletes the ip(s) to a specific
> table.
>
> maybe it's time to work on a package for ports.
>
> holger

Maybe I'm terribly confused (so bear with me), but isn't the trouble with these round-robin DNS CDN type of situations that most near any A record resolution request is likely to return a different IP address than before? So given that, how would updating your pf.conf (table) with a given IP (even a few given IPs) do any good if you're not also running a proxy server or DNS server?

I mean, wouldn't this just cause your Perl daemon to dutifully update a table for, say, hostname.tld to IP w.x.y.z, only to have the next client just moments later get a response of IP a.b.c.d from the remote DNS server? Which at that point in time wouldn't be covered by your PF table/rules at all?

Am I terribly confused? What am I missing?

regards,
--ropers
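
The timing problem raised in this message can be made concrete with a small deterministic model. This is an added example, not code from the thread or from the Perl daemon it mentions; the address pool, the two-records-per-answer resolver and the `simulate` function are all assumptions made for illustration.

```python
# Constructed pool: documentation-range addresses standing in for the
# A records a round-robin name rotates through (assumed, not from the thread).
POOL = [f"203.0.113.{i}" for i in range(1, 9)]
ANSWER_SIZE = 2  # assumed: every DNS response carries two A records


def answer(query_no):
    """Round-robin resolver model: each query gets the next window of POOL."""
    start = (query_no * ANSWER_SIZE) % len(POOL)
    return [POOL[(start + k) % len(POOL)] for k in range(ANSWER_SIZE)]


def simulate(queries, daemon_every, accumulate):
    """Return the fraction of client lookups the table did not cover.

    Every lookup, daemon or client, consumes one resolver answer. The
    daemon resolves once every `daemon_every` queries and either replaces
    the table with that answer or, if `accumulate`, only ever adds to it.
    """
    table, misses, clients = set(), 0, 0
    for q in range(queries):
        ips = answer(q)
        if q % daemon_every == 0:
            # Daemon's turn: sync the table from this one resolution.
            table = (table | set(ips)) if accumulate else set(ips)
            continue
        clients += 1
        if ips[0] not in table:  # client connects to the first record returned
            misses += 1
    return misses / clients


if __name__ == "__main__":
    # Table mirrors the daemon's latest answer only.
    print("replace:   ", simulate(40, 5, accumulate=False))
    # Table keeps every address ever seen; this only converges because
    # the modelled pool is small and never changes.
    print("accumulate:", simulate(40, 5, accumulate=True))
```

In this model the miss rate is set by how much of the pool one answer covers, so a table synced from a single resolution stays behind the clients no matter how often the daemon runs.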