On 23/08/2010 15:56, Tom H wrote:
> On Mon, Aug 23, 2010 at 9:48 AM, Giles Coochey <giles at coochey.net> wrote:
>
>> The problems can sometimes be caused by not having reverse-DNS records for
>> your hosts. Can you resolve to names (any name) from an IP address?
>> e.g. nslookup 10.2.9.2?
>>
>

One more thing, if this is the case, why does the nslookup respond straight away? Is the destination server trying to somehow validate the host where the connection came from?

> If this is a reverse-lookup problem and you can't have a
> reverse-lookup zone (I worked at a company where the Windows admins
> refused to create one when we asked them to do so!),

I don't think it does reverse lookups. We are using a Juniper firewall to do the DNS for the internal network. It also caches DNS for some outside domains. I will have to look into this.

> you can add
> "[NOTFOUND=return]" to the hosts line in nsswitch.conf after "dns"
> otherwise your dns server will forward the query out to the net
> (assuming that your egress rules allow it to do so) and an answer will
> be returned by some servers set up for this purpose on the net -
> called blackhole-something, IIRC.
>

I have added that line to the configuration and connections still take a long time to resolve the address.
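
An added example, not part of the original message or thread: a small Python check that parses the `hosts` line of an nsswitch.conf to confirm that `[NOTFOUND=return]` follows `dns`, and times a reverse lookup through the system resolver, which is the path applications take (nslookup queries the DNS server directly and does not consult nsswitch.conf). The function names and the two sample files are constructed for illustration.

```python
import re
import socket
import time


def parse_hosts_line(text):
    """Return the hosts entry as [(source, {STATUS: action}), ...]."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line.lower().startswith("hosts:"):
            continue
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[]+", line.split(":", 1)[1]):
            if not tok.startswith("["):
                entries.append((tok, {}))
            elif entries:  # an action group applies to the preceding source
                for pair in tok.strip("[]").split():
                    status, _, action = pair.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
        return entries
    return []  # no hosts line in this file


def stops_after_dns_notfound(entries):
    """True when the dns source carries [NOTFOUND=return]."""
    return any(src == "dns" and acts.get("NOTFOUND") == "return"
               for src, acts in entries)


def time_reverse_lookup(ip):
    """Time a reverse lookup via the system resolver (the NSS path)."""
    start = time.monotonic()
    try:
        name = socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        name = None
    return name, time.monotonic() - start


# Constructed sample files, not taken from the thread.
BEFORE = "passwd: files\nhosts: files dns\n"
AFTER = "passwd: files\nhosts: files dns [NOTFOUND=return]  # edited\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        entries = parse_hosts_line(conf)
        print(label, entries, stops_after_dns_notfound(entries))
    # 10.2.9.2 is the address used in the thread's nslookup example.
    print(time_reverse_lookup("10.2.9.2"))
```

Comparing the elapsed time from `time_reverse_lookup` with how fast nslookup answers for the same address shows whether the delay sits in the resolver path configured by nsswitch.conf or elsewhere.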