Gary Smith wrote:
I'm not seeing your 130 sec CPU issue on my end. Are as mentioned by Matt, are you running into some DNS issue? These are stock rule + other house rules in place. I'm not getting any type of DNS hit, this might because you modified the headers. Either way, 5 seconds for me.
Wow. O_o What version of SA, and what version of the stock rules? I don't regularly update everything, but I *do* update JM's sought rules daily via cron, and with local rules distributed via sa-update I usually do a complete sa-update on all the rules channels (scripted) a couple of times a week.
I'm all but certain it's not a DNS issue; even default timeouts for DNS should give up and return after ~15 seconds. And that wouldn't cause a CPU core to be pegged for the entire time.
-kgd
