Why is host so much slower than dig on some queries?

Question

When querying a particular address, dig as run against the resolvers listed in /etc/resolv.conf will return NXDOMAIN nice and quickly where host will take a while.

$ dig @<resolver> 140.80.199.91.in-addr.arpa ptr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @<resolver>140.80.199.91.in-addr.arpa ptr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40000
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;140.80.199.91.in-addr.arpa.    IN  PTR

;; Query time: 1 msec
;; SERVER: <resolver>#53(<resolver>)
;; WHEN: Wed Oct 22 16:08:38 2014
;; MSG SIZE  rcvd: 44

But much slower in host...

$ time host 140.80.199.91 <resolver>
;; connection timed out; no servers could be reached

real    0m12.007s
user    0m0.001s
sys 0m0.007s

Why does host take so long to come up with the same answer?

Answer 1

Your two commands are not equivalent.

host 140.80.199.91

is equivalent to:

dig 91.199.80.140.in-addr.arpa ptr

The labels in PTR records are the elements of the IP address in reverse.

Since you're looking up the reverse DNS of different IPs, they're trying to reach different DNS servers. So the timing will naturally be different. And in your example, the reverse DNS server for 199.80.140.in-addr.arpa isn't responding, so you get a timeout.

To avoid having to reverse the IP by hand, you can use the -x option as a shortcut:

dig -x 140.80.199.91

This option also defaults to PTR lookup, so you can omit that argument as well.