From: bert hubert <bert.hubert@netherlabs.nl>
Date: Tue, 20 Jun 2017 20:58:17 +0000 (+0200)
Subject: Document that rules are not for creating by the thousands
X-Git-Tag: rec-4.1.0-alpha1~68^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f13d87b8d2e30bf1ee3f0f4063ef59fb4545122;p=thirdparty%2Fpdns.git

Document that rules are not for creating by the thousands

This addresses #5433, which featured a user attempting to create 30k rules.
---

diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md
index 1a8c0a6adf..827a7e9007 100644
--- a/pdns/README-dnsdist.md
+++ b/pdns/README-dnsdist.md
@@ -471,6 +471,7 @@ single operation with `setRules()`:
 > setRules( { newRuleAction(TCPRule(), AllowAction()), newRuleAction(AllRule(), DropAction()) } )
 ```
 
+NOTE: Adding large numbers of rules (200+) is slow, and will also impact performance significantly. Instead of creating numerous rules, consider using smaller numbers of individual rules that match large numbers of domains or IP addresses, for example using a `SuffixMatchNodeRule` or a `NetmaskGroupRule`. These rules are optimized for hosting thousands or millions of domain names or IP addresses. 
 
 More power
 ----------