On 8/23/2010 10:08 AM, Gabriel Tabares wrote:
> One more thing, if this is the case, why does the nslookup respond straight away? Is the destination server trying to somehow validate the host where the connection came from?
Some servers do, some don't. The ones that do are often just trying to log a name instead of the connecting IP address so you might be able to reconfigure the servers. It doesn't matter if this lookup fails as long as the response comes quickly. But, your earlier post indicated that you only had a private DNS server. If you request something it doesn't know, what happens? Does it attempt to resolve from public servers that are firewalled? And if so does the firewall block with an 'icmp denied' response or just silently drop the request or response? In the latter case, the server and application are forced to wait for the timeout.
In my opinion the 'right' solution to reverse-dns is to always make sure your own server responds to all the private address range zones and any public ranges you control even if you don't have complete or correct information for them. No one else will either so you might as well not bother the upstream servers with queries caused by your bad configuration.
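Added example, not part of the original message: one way to generate the zone declarations for the approach described above, so the local server answers reverse queries for the private ranges itself instead of forwarding them. It assumes a BIND-style `named.conf` and a shared zone file named `db.empty` (an assumed name) that contains only SOA and NS records; it also generalizes to any IPv4 block up to /24.

```python
import ipaddress

# RFC 1918 private ranges; append any public ranges you control.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names that cover an IPv4 CIDR block.

    Reverse zones are cut on octet boundaries, so a prefix that is not a
    multiple of 8 bits (for example /12) expands into several zones.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only in this example")
    if net.prefixlen > 24:
        raise ValueError("prefixes longer than /24 need RFC 2317 delegation")
    # Round the prefix length up to the next whole octet (at least one).
    octets = max(1, -(-net.prefixlen // 8))
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def named_conf(ranges, zone_file="db.empty"):
    """Render BIND zone stanzas making this server authoritative for ranges.

    zone_file is an assumed name: a zone file with only SOA and NS records,
    so unknown PTR queries get an immediate NXDOMAIN instead of a timeout.
    """
    stanzas = []
    for cidr in ranges:
        for zone in reverse_zones(cidr):
            stanzas.append(
                'zone "%s" { type master; file "%s"; };' % (zone, zone_file)
            )
    return "\n".join(stanzas)


if __name__ == "__main__":
    print(named_conf(PRIVATE_RANGES))
```

Real PTR records for hosts you do know about go into a zone-specific file in place of the shared empty one.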