[Bro-Dev] DNS TXT Queries and the Cache File
Robin Sommer
robin at icir.org
Thu Aug 30 08:38:51 PDT 2012
Cool, thanks for working on this, Vlad.
On Thu, Aug 30, 2012 at 05:04 -0500, you wrote:
> As the previous poor soul to touch that code, I wouldn't mind looking at
> what you've got so far and then attempting to add the caching support.
If the caching is trikcy to get in (or makes the code even worse ...),
we can indeed skip it. The main reason for having the caching at all
is DNS names embedded in scripts (e.g., code of the form "set[addr] =
{ foo.bar }"). Bro looks these up once at startup and that can
potentially take a while if there are a lot or responses are coming in
slowly. So what one can do is "prime" the cache first, so that the
next time Bro starts up, it doesn't need to do the lookups. That was
more important in the Old Days though when people restarted Bro once a
day to flush state and that had to be fast.
This is all not relevant to TXT records. And, in fact, I've already
been wondering if we can get rid of the cache altogether to simplify
the DNS code.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the bro-dev
mailing list