[CentOS] Slow domain resolution problem
Les Mikesell
lesmikesell at gmail.com
Wed Aug 25 15:38:38 UTC 2010

On 8/23/2010 10:08 AM, Gabriel Tabares wrote:
>
> One more thing, if this is the case, why does the nslookup respond
> straight away? Is the destination server trying to somehow validate the
> host where the connection came from?

Some servers do, some don't. The ones that do are often just trying to
log a name instead of the connecting IP address so you might be able to
reconfigure the servers. It doesn't matter if this lookup fails as long
as the response comes quickly. But, your earlier post indicated that
you only had a private DNS server. If you request something it doesn't
know, what happens? Does it attempt to resolve from public servers that
are firewalled? And if so does the firewall block with an 'icmp
denied' response or just silently drop the request or response? In the
latter case, the server and application are forced to wait for the timeout.

In my opinion the 'right' solution to reverse-dns is to always make sure
your own server responds to all the private address range zones and any
public ranges you control even if you don't have complete or correct
information for them. No one else will either so you might as well not
bother the upstream servers with queries caused by your bad configuration.
--
Les Mikesell
lesmikesell at gmail.com
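
Added example, not part of the original message: a Python sketch that lists the `in-addr.arpa` zones a local DNS server would need to answer for the private address ranges, and checks whether the PTR query for a given address falls inside one of them or would be passed upstream. The names `LOCAL_RANGES`, `reverse_zones` and `covering_zone` and the sample addresses are assumptions made for this illustration.

```python
import ipaddress

# RFC 1918 private ranges; append any public ranges you control.
LOCAL_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def reverse_zones(cidr):
    """Return the in-addr.arpa zones that together cover an IPv4 CIDR block."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen == 0:
        raise ValueError("refusing to claim the whole in-addr.arpa tree")
    if net.prefixlen > 24:
        # Smaller than a /24: the enclosing /24 zone is the one to serve.
        blocks = [net.supernet(new_prefix=24)]
    else:
        # Reverse zones split on octet boundaries, so round the prefix up
        # to /8, /16 or /24 and enumerate the resulting blocks.
        aligned = -(-net.prefixlen // 8) * 8
        blocks = net.subnets(new_prefix=aligned)
    zones = []
    for block in blocks:
        octets = str(block.network_address).split(".")[: block.prefixlen // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def covering_zone(ip, zones):
    """Return the local zone that answers the PTR query for ip, else None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    matches = [z for z in zones if ptr.endswith("." + z)]
    return max(matches, key=len) if matches else None


ALL_ZONES = [z for cidr in LOCAL_RANGES for z in reverse_zones(cidr)]

if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ["10.1.2.3", "172.20.3.4", "172.32.0.1", "192.168.5.9"]:
        zone = covering_zone(addr, ALL_ZONES)
        print(addr, "->", zone or "not covered: query goes to upstream servers")
```

Any address that reports no covering zone is one whose reverse lookup depends on upstream servers, which is where a firewall that silently drops packets turns into a timeout.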