[CentOS] Slow domain resolution problem
Keith Roberts
keith at karsites.net
Wed Aug 25 17:21:28 UTC 2010
On Wed, 25 Aug 2010, Les Mikesell wrote:
> To: centos at centos.org
> From: Les Mikesell <lesmikesell at gmail.com>
> Subject: Re: [CentOS] Slow domain resolution problem
>
> On 8/23/2010 10:08 AM, Gabriel Tabares wrote:
>>
>> One more thing, if this is the case, why does the nslookup respond
>> straight away? Is the destination server trying to somehow validate the
>> host where the connection came from?
>
> Some servers do, some don't. The ones that do are often just trying to
> log a name instead of the connecting IP address so you might be able to
> reconfigure the servers. It doesn't matter if this lookup fails as long
> as the response comes quickly. But, your earlier post indicated that
> you only had a private DNS server. If you request something it doesn't
> know, what happens? Does it attempt to resolve from public servers that
> are firewalled? And if so does the firewall block with an 'icmp
> denied' response or just silently drop the request or response? In the
> latter case, the server and application are forced to wait for the timeout.
>
> In my opinion the 'right' solution to reverse-dns is to always make sure
> your own server responds to all the private address range zones and any
> public ranges you control even if you don't have complete or correct
> information for them. No one else will either so you might as well not
> bother the upstream servers with queries caused by your bad configuration.
>
> --
> Les Mikesell
> lesmikesell at gmail.com
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
It might help identify the problem by installing and running
wireshark:
[root]# yum info wireshark*
1683 packages excluded due to repository priority protections
Installed Packages
Name : wireshark
Arch : i386
Version : 1.0.11
Release : 1.el5_5.5
Size : 40 M
Repo : installed
Summary : Network traffic analyzer
URL : http://www.wireshark.org/
License : GPL
Description: Wireshark is a network traffic analyzer for Unix-ish operating
: systems.
:
: This package lays base for libpcap, a packet capture and filtering
: library, contains command-line utilities, contains plugins and
: documentation for wireshark. A graphical user interface is packaged
: separately to GTK+ package.
Name : wireshark-gnome
Arch : i386
Version : 1.0.11
Release : 1.el5_5.5
Size : 1.6 M
Repo : installed
Summary : Gnome desktop integration for wireshark and wireshark-usermode
URL : http://www.wireshark.org/
License : GPL
Description: Contains wireshark for Gnome 2 and desktop integration file
That should give you some clues as to what's happening.
Kind Regards,
Keith Roberts
-----------------------------------------------------------------
Websites:
http://www.php-debuggers.net
http://www.karsites.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
More information about the CentOS
mailing list