On Wed, 25 Aug 2010, Les Mikesell wrote: > To: centos at centos.org > From: Les Mikesell <lesmikesell at gmail.com> > Subject: Re: [CentOS] Slow domain resolution problem > > On 8/23/2010 10:08 AM, Gabriel Tabares wrote: >> >> One more thing, if this is the case, why does the nslookup respond >> straight away? Is the destination server trying to somehow validate the >> host where the connection came from? > > Some servers do, some don't. The ones that do are often just trying to > log a name instead of the connecting IP address so you might be able to > reconfigure the servers. It doesn't matter if this lookup fails as long > as the response comes quickly. But, your earlier post indicated that > you only had a private DNS server. If you request something it doesn't > know, what happens? Does it attempt to resolve from public servers that > are firewalled? And if so does the firewall block with an 'icmp > denied' response or just silently drop the request or response? In the > latter case, the server and application are forced to wait for the timeout. > > In my opinion the 'right' solution to reverse-dns is to always make sure > your own server responds to all the private address range zones and any > public ranges you control even if you don't have complete or correct > information for them. No one else will either so you might as well not > bother the upstream servers with queries caused by your bad configuration. > > -- > Les Mikesell > lesmikesell at gmail.com > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos It might help identify the problem by installing and running wireshark: [root]# yum info wireshark* 1683 packages excluded due to repository priority protections Installed Packages Name : wireshark Arch : i386 Version : 1.0.11 Release : 1.el5_5.5 Size : 40 M Repo : installed Summary : Network traffic analyzer URL : http://www.wireshark.org/ License : GPL Description: Wireshark is a network traffic analyzer for Unix-ish operating : systems. : : This package lays base for libpcap, a packet capture and filtering : library, contains command-line utilities, contains plugins and : documentation for wireshark. A graphical user interface is packaged : separately to GTK+ package. Name : wireshark-gnome Arch : i386 Version : 1.0.11 Release : 1.el5_5.5 Size : 1.6 M Repo : installed Summary : Gnome desktop integration for wireshark and wireshark-usermode URL : http://www.wireshark.org/ License : GPL Description: Contains wireshark for Gnome 2 and desktop integration file That should give you some clues as to what's happening. Kind Regards, Keith Roberts ----------------------------------------------------------------- Websites: http://www.php-debuggers.net http://www.karsites.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] -----------------------------------------------------------------