[prev in list] [next in list] [prev in thread] [next in thread] 

List:       unbound-users
Subject:    Re: Feature request
From:       Yuri via Unbound-users <unbound-users () nlnetlabs ! nl>
Date:       2019-03-11 13:35:34
Message-ID: cdb7a8dd-5905-58d9-2100-ea87202fb9a0 () gmail ! com
[Download RAW message or body]


11.03.2019 19:08, Tony Finch пишет:
> Yuri via Unbound-users <unbound-users@nlnetlabs.nl> wrote:
>> For DNS interception (to Unbound, of course) I'm using PBR:
>>
>> ip access-list extended intercept-ports
>>  permit udp any any eq domain
>>  permit tcp any any eq domain
>>  deny   ip any any
>> !
>> !
>> route-map redirect_dns permit 30
>>  match ip address intercept-ports
>>  set ip next-hop 192.168.200.3
>> !
>>
>> which processes on router CPU and sometimes overload them.
> That sounds to me like something that should be solvable with a
> configuration fix. Maybe this?
> https://community.cisco.com/t5/switching/high-cpu-usage-after-configured-pbr/td-p/2325961

Nop. This is specifix Catalyst 4500 switch solution.

But I'm talking about routers. At least, ISRG2 family.

>
> Tony.

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

[prev in list] [next in list] [prev in thread] [next in thread]