On 23/08/2010 15:56, Tom H wrote:
On Mon, Aug 23, 2010 at 9:48 AM, Giles Coochey <giles@coochey.net> wrote:
The problems can sometimes be caused by not having reverse-DNS records for your hosts. Can you resolve to names (any name) from an IP address? e.g. nslookup 10.2.9.2?
One more thing, if this is the case, why does the nslookup respond straight away? Is the destination server trying to somehow validate the host where the connection came from?
If this is a reverse-lookup problem and you can't have a reverse-lookup zone (I worked at a company where the Windows admins refused to create one when we asked them to do so!),
I don't think it does reverse lookups. We are using a Juniper firewall to do the DNS for the internal network. It also caches DNS for some outside domains. I will have to look into this.
you can add "[NOTFOUND=return]" to the hosts line in nsswitch.conf after "dns"; otherwise your DNS server will forward the query out to the net (assuming that your egress rules allow it to do so) and an answer will be returned by some servers set up for this purpose on the net - called blackhole-something, IIRC.
I have added that line to the configuration and connections still take a long time to resolve the address.
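
An added example, not part of the thread: a small Python parser for the `hosts:` line of nsswitch.conf that shows which lookup sources are consulted when an action item such as `[NOTFOUND=return]` follows `dns`. The two sample lines (including the `mdns4` source) are constructed, and the status/action defaults follow glibc's documented nsswitch behaviour.

```python
import re

# glibc's default action for each lookup status
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_hosts_line(conf_text):
    """Return [(service, {status: action})] from the 'hosts:' line."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", line.split(":", 1)[1]):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))
                continue
            if not chain:
                raise ValueError("action item appears before any service")
            for item in tok[1:-1].split():
                status, action = item.lower().split("=", 1)
                negate = status.startswith("!")   # [!STATUS=action] form
                status = status.lstrip("!")
                if status not in DEFAULTS:
                    raise ValueError(f"unknown status in {tok}")
                for s in DEFAULTS:
                    if (s == status) != negate:
                        chain[-1][1][s] = action
        return chain
    return []

def consulted(chain, results):
    """Services queried in order; results maps service -> reported status."""
    used = []
    for service, actions in chain:
        used.append(service)
        if actions[results.get(service, "unavail")] == "return":
            break
    return used

# Constructed sample lines, not taken from the poster's system.
WITH_ACTION = "hosts: files dns [NOTFOUND=return] mdns4\n"
WITHOUT_ACTION = "hosts: files dns mdns4\n"

if __name__ == "__main__":
    miss = {"files": "notfound", "dns": "notfound", "mdns4": "notfound"}
    for conf in (WITH_ACTION, WITHOUT_ACTION):
        print(conf.strip(), "->", consulted(parse_hosts_line(conf), miss))
```

The action item only governs whether sources listed after `dns` are tried; it is evaluated by the resolver library on the client, after the DNS query has already been answered or timed out.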