[CentOS] Slow domain resolution problem

Wed Aug 25 15:38:38 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 8/23/2010 10:08 AM, Gabriel Tabares wrote:
>
> One more thing, if this is the case, why does the nslookup respond
> straight away? Is the destination server trying to somehow validate the
> host where the connection came from?

Some servers do, some don't.  The ones that do are often just trying to 
log a name instead of the connecting IP address so you might be able to 
reconfigure the servers.  It doesn't matter if this lookup fails as long 
as the response comes quickly.  But, your earlier post indicated that 
you only had a private DNS server.  If you request something it doesn't 
know, what happens?  Does it attempt to resolve from public servers that 
are firewalled?  And if so, does the firewall block with an 'icmp 
denied' response or just silently drop the request or response?  In the 
latter case, the server and application are forced to wait for the timeout.

In my opinion the 'right' solution to reverse-dns is to always make sure 
your own server responds to all the private address range zones and any 
public ranges you control even if you don't have complete or correct 
information for them.  No one else will either so you might as well not 
bother the upstream servers with queries caused by your bad configuration.

-- 
   Les Mikesell
    lesmikesell at gmail.com
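
The distinction drawn in this message, between a reverse lookup that fails quickly and one that stalls until a timeout, together with the list of private reverse zones a local server would answer for, as an added Python example (not part of the original post). The function names, the `slow_after` threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket
import time

# RFC 1918 private ranges; a local DNS server should answer for their reverse zones.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def private_reverse_zones():
    """Return the in-addr.arpa zones that together cover all RFC 1918 space."""
    zones = ["10.in-addr.arpa"]
    zones += [f"{second}.172.in-addr.arpa" for second in range(16, 32)]
    zones.append("168.192.in-addr.arpa")
    return zones


def reverse_zone_for(ip):
    """Zone a local server must serve for this address, or None if not private."""
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in PRIVATE_NETS):
        return None
    octets = str(addr).split(".")
    if octets[0] == "10":
        return "10.in-addr.arpa"
    return f"{octets[1]}.{octets[0]}.in-addr.arpa"


def classify_ptr_lookup(ip, resolver=socket.gethostbyaddr, slow_after=2.0):
    """Time one PTR lookup and return (outcome, seconds).

    outcome is 'answered', 'fast-failure' (harmless), or 'stalled'
    (query or reply silently dropped, so the caller waited for a timeout).
    """
    start = time.monotonic()
    try:
        resolver(ip)
        ok = True
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        ok = False
    elapsed = time.monotonic() - start
    if elapsed >= slow_after:
        return "stalled", elapsed
    return ("answered" if ok else "fast-failure"), elapsed


if __name__ == "__main__":
    for ip in ("192.168.1.20", "10.4.5.6"):  # constructed sample addresses
        print(ip, reverse_zone_for(ip), classify_ptr_lookup(ip))
```

A 'stalled' result for a private address whose zone appears in `private_reverse_zones()` points at a query leaving the local server and being dropped upstream.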