All,
I’m using an L7 matcher to implement a conditional forwarder as described in my post here.
Now I need to add multiple domains and subnets (about ten pairs), which could all be resolved by a single remote DNS.
Which attempt would be more CPU-friendly?
One big L7 matcher (only applied to udp/53 of course) in one dst-nat rule?
Or one dst-nat rule per domain/subnet pair and a small L7 matcher for it?
Thanks,
-Chris