Reverse DNS lookups are *slow*

For a long time I’ve been noticing that rDNS queries for certain networks are noticeably slow on only (well, 2606:4700:4700::1111 included too). The exact same queries are very fast with any other resolver (be it Google or Q9 or local ISPs), so it can’t be that the domain nameservers themselves are slow to respond – surely there’s something else involved.

There aren’t many things that use reverse DNS nowadays, but Kerberos does by default, so multiple-second delays make things quite annoying.

For example, a query for `dig -x 2001:67c:2e8:22::1` or `dig -x 2001:678:19::$rand` or `dig -x 2001:778:1::$rand` takes around 50–100 msec against most resolvers (such as or our ISP’s internal one)… but it takes 1–3 whole seconds for Cloudflare to resolve if not cached already.

This has been happening for a couple of years; the id.server of the locations I’ve tested is VNO, RIX, LHR, AMS…

```
$ dig -x 2001:678:11::49 @

; <<>> DiG 9.16.25 <<>> -x 2001:678:11::49 @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65044
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232

;; AUTHORITY SECTION: 1800 IN SOA 1644215516 10800 3600 1209600 7200

;; Query time: 4080 msec
;; WHEN: Wed Feb 09 12:43:28 EET 2022
;; MSG SIZE  rcvd: 165
```

I don’t see any odd slowdowns for this delegation; it’s about 500-900ms to resolve from empty cache (it takes about 23 queries to resolve this). It’s probably not as popular, so it falls out of cache, but 3 seconds sounds excessive. I’ll look into this in more detail to see if we can improve it. Let me know (either DM here or email [email protected]) if you’re sending a lot of traffic from non-residential IPs; it’s possible it might get throttled as well.
