How long should I expect a reverse lookup to take? 100 milliseconds? 1 second? 10 seconds? 30 seconds? What's your experience?

Why? We're debating adding a feature to our server software which would require a reverse DNS lookup each time a client connects. The lookup would be done synchronously, so I'm worried that it could slow connection-times down a lot. I just wanted to hear other people's experience regarding reverse DNS lookup times.

A: 

I don't have a specific number, but if performance turns out to be an issue for you, you could consider doing the reverse lookup in a separate thread. If the reverse lookup doesn't meet your criteria, you can then abort the original connection and ban that IP (possibly just for some duration).

A prerequisite for this is that no real loss can happen between when the connection starts and the reverse lookup completes. Then again, that's the same situation you're in now without the reverse lookup.

Eric J.
It's not really applicable in this situation since real loss can happen immediately, but it's certainly an interesting idea.
HansA
Still, if you would otherwise not implement it because of the possible overhead, this option is better than not implementing :-)
Eric J.
+1  A: 

As long as it takes. A LOT depends on:

* Where the DNS server is that you talk to
* Whether the DNS server has the value already cached
* Whether the reverse mapping maps to a proper DNS server that is also operational (or the retrieval times out).

In general, for end users, you can expect easily 200 ms - the user may be at the other side of the world. I would actually assume anything up to 2 minutes to be possible in case of DNS reachability issues.

Within a LAN, you should normally have an answer within milliseconds. Two digit, maximum (10 ms or so).

In general, synchronous may be a REALLY bad idea here - but a lot depends on what the application actually DOES.

TomTom
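
Both answers point at the same fix: run the lookup off the accept path and cap how long the connection waits for it. The following is an added example, not code from either poster; `reverse_lookup`, `decide`, the pool size, the `fail_open` switch and the fake resolvers are assumptions made for illustration, and the addresses and hostnames are constructed.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

# Bounded pool (size is an assumption): a hung resolver ties up one worker,
# never the thread that accepts connections.
POOL = ThreadPoolExecutor(max_workers=8, thread_name_prefix="rdns")


def reverse_lookup(ip, timeout=0.5, resolver=socket.gethostbyaddr):
    """Return (hostname or None, status); status is "ok", "timeout" or "error".

    The caller waits at most about `timeout` seconds. A running lookup cannot
    be cancelled; it finishes in the pool and its result is discarded.
    """
    future = POOL.submit(resolver, ip)
    try:
        return future.result(timeout=timeout)[0], "ok"
    except LookupTimeout:  # must precede OSError: it is a subclass on 3.11+
        future.cancel()    # only helps if the task was still queued
        return None, "timeout"
    except OSError:        # socket.herror / socket.gaierror, e.g. no PTR record
        return None, "error"


def decide(ip, hostname_ok, fail_open=False, **lookup_args):
    """Hypothetical policy hook: `hostname_ok` is the caller's own criterion."""
    hostname, status = reverse_lookup(ip, **lookup_args)
    if status == "ok":
        return "accept" if hostname_ok(hostname) else "reject"
    return "accept" if fail_open else "reject"


# Constructed stand-ins for the system resolver so the demo runs offline.
def fake_fast(ip):
    return ("client.example.net", [], [ip])

def fake_slow(ip):
    time.sleep(1.0)  # simulates an unreachable authoritative server
    return ("late.example.net", [], [ip])

def fake_missing(ip):
    raise socket.herror(1, "Unknown host")


if __name__ == "__main__":
    for name, fake in (("fast", fake_fast), ("slow", fake_slow), ("missing", fake_missing)):
        start = time.monotonic()
        result = reverse_lookup("192.0.2.10", timeout=0.1, resolver=fake)
        print(f"{name:8} {result} after {time.monotonic() - start:.2f}s")
```

A PTR record is set by whoever controls the reverse zone for the address, so any decision based on the returned name should first confirm that the name resolves forward to the same IP.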