On Wed, 25 Aug 2010, Les Mikesell wrote:
To: centos@centos.org From: Les Mikesell lesmikesell@gmail.com Subject: Re: [CentOS] Slow domain resolution problem
On 8/23/2010 10:08 AM, Gabriel Tabares wrote:
One more thing, if this is the case, why does the nslookup respond straight away? Is the destination server trying to somehow validate the host where the connection came from?
Some servers do, some don't. The ones that do are often just trying to log a name instead of the connecting IP address so you might be able to reconfigure the servers. It doesn't matter if this lookup fails as long as the response comes quickly. But, your earlier post indicated that you only had a private DNS server. If you request something it doesn't know, what happens? Does it attempt to resolve from public servers that are firewalled? And if so does the firewall block with an 'icmp denied' response or just silently drop the request or response? In the latter case, the server and application are forced to wait for the timeout.
In my opinion the 'right' solution to reverse-dns is to always make sure your own server responds to all the private address range zones and any public ranges you control even if you don't have complete or correct information for them. No one else will either so you might as well not bother the upstream servers with queries caused by your bad configuration.
-- Les Mikesell lesmikesell@gmail.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It might help identify the problem by installing and running wireshark:
[root]# yum info wireshark*
1683 packages excluded due to repository priority protections Installed Packages Name : wireshark Arch : i386 Version : 1.0.11 Release : 1.el5_5.5 Size : 40 M Repo : installed Summary : Network traffic analyzer URL : http://www.wireshark.org/ License : GPL Description: Wireshark is a network traffic analyzer for Unix-ish operating : systems. : : This package lays base for libpcap, a packet capture and filtering : library, contains command-line utilities, contains plugins and : documentation for wireshark. A graphical user interface is packaged : separately to GTK+ package.
Name : wireshark-gnome Arch : i386 Version : 1.0.11 Release : 1.el5_5.5 Size : 1.6 M Repo : installed Summary : Gnome desktop integration for wireshark and wireshark-usermode URL : http://www.wireshark.org/ License : GPL Description: Contains wireshark for Gnome 2 and desktop integration file
That should give you some clues as to what's happening.
Kind Regards,
Keith Roberts
----------------------------------------------------------------- Websites: http://www.php-debuggers.net http://www.karsites.net http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with TMDA [http://tmda.net] -----------------------------------------------------------------