[CentOS] Slow domain resolution problem
Gabriel Tabares
gabriel.tabares at roboreus.com
Mon Aug 23 15:08:27 UTC 2010
On 23/08/2010 15:56, Tom H wrote:
> On Mon, Aug 23, 2010 at 9:48 AM, Giles Coochey <giles at coochey.net> wrote:
>
>> The problems can sometimes be caused by not having reverse-DNS records for
>> your hosts. Can you resolve to names (any name) from an IP address?
>> e.g. nslookup 10.2.9.2?
>>
>
One more thing, if this is the case, why does the nslookup respond
straight away? Is the destination server trying to somehow validate the
host where the connection came from?
> If this is a reverse-lookup problem and you can't have a
> reverse-lookup zone (I worked at a company where the Windows admins
> refused to create one when we asked them to do so!),
I don't think it does reverse lookups. We are using a Juniper firewall
to do the DNS for the internal network. It also caches DNS for some
outside domains. I will have to look into this.
> you can add
> "[NOTFOUND=return]" to the hosts line in nsswitch.conf after "dns"
> otherwise your dns server will forward the query out to the net
> (assuming that your egress rules allow it to do so) and an answer will
> be returned by some servers set up for this purpose on the net -
> called blackhole-something, IIRC.
>
I have added that line to the configuration and connections still take a
long time to resolve the address.
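
Added example, not part of the original message (helper names are hypothetical and the sample `hosts:` lines are constructed): a Python check that `[NOTFOUND=return]` sits directly after `dns` on the `hosts:` line, as suggested in the quoted reply, plus a timer for one reverse lookup through the system resolver. `socket.gethostbyaddr` follows nsswitch.conf, whereas nslookup queries the DNS server directly, so the two can be timed side by side.

```python
import re
import socket
import sys
import time

# Added example with illustrative helper names; sample lines are constructed.
SAMPLE_BEFORE = "hosts:      files dns"
SAMPLE_AFTER = "hosts:      files dns [NOTFOUND=return]"


def parse_hosts_line(line):
    """Return [(source, {STATUS: action})] for a 'hosts:' line, in lookup order."""
    line = line.split("#", 1)[0]
    db, _, rest = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts: line")
    entries = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if token.startswith("["):  # action list applies to the preceding source
            if not entries:
                raise ValueError("action list before any source")
            for pair in token[1:-1].split():
                status, _, action = pair.partition("=")
                entries[-1][1][status.upper()] = action.lower()
        else:
            entries.append((token, {}))
    return entries


def stops_on_notfound(line, source="dns"):
    """True if `source` is followed by [NOTFOUND=return]."""
    return any(name == source and actions.get("NOTFOUND") == "return"
               for name, actions in parse_hosts_line(line))


def timed_reverse(ip, resolver=socket.gethostbyaddr):
    """Time one reverse lookup through the system resolver (NSS), not a direct DNS query."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:          # socket.herror / gaierror: no PTR record or resolver failure
        name = None
    return name, time.monotonic() - start


if __name__ == "__main__":
    print(SAMPLE_AFTER, "->", stops_on_notfound(SAMPLE_AFTER))
    if len(sys.argv) > 1:    # e.g. the address used in the thread: 10.2.9.2
        print("%s -> %s in %.2fs" % ((sys.argv[1],) + timed_reverse(sys.argv[1])))
```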