Bugtraq mailing list archives

DoS for web by failing reverse DNS?


From: shadow () DEMENTIA ORG (Derrick J Brashear)
Date: Fri, 16 Jun 2000 01:46:57 -0400


A few weeks ago I set up a VPN tunnel and tunneled 16 IP addresses onto a
LAN. At the time none of these addresses reverse-resolved to anything.

I noticed upon connecting to some web servers that a connection was opened
and then hung forever, while others were fine. Some experimentation showed
that by using a proxy in the same network where the only apparent
difference was that the IP reverse-resolved to something, the requests
were serviced successfully.

2 weeks ago reverse records were added for the hosts in question. As of
tonight many web sites still display the "hang forever" behavior.

I can verify that the correct in-addr.arpa data is being served for these
addresses from the appropriate delegated name servers, and it's been
verified by others around the net. It seems that something is caching
negative DNS lookups for quite some time, and as yet I have been unable to
get any help from any of the sites which are exhibiting this problem in
tracking down if it's some sort of local software configuration issue or
some big ISP has a poorly configured name server.

Still, this seems to me to be a problem: make sure a machine won't reverse
resolve by attacking its authoritative in-addr.arpa zone servers and the
users of that IP address effectively can't use large portions of the web.

As of this moment, a random selection of sites never returning any data:
www.etoys.com
freshmeat.net
www.slashdot.org

Any suggestions which people might offer for tracking down this problem
would be appreciated; administrators of several of the web servers to
which access hangs forever have failed to reply to queries by email, so
I'm stuck on how to proceed.

-D
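
Added example, not part of the original post and not code from any of the sites named: assuming the hang comes from a server doing a blocking reverse lookup on each client address, this shows one way for a server operator to bound that lookup and keep failed results cached only briefly, so an unreachable in-addr.arpa zone costs a hostname in the log rather than the connection. The class name, parameters, addresses and hostnames are hypothetical and constructed for illustration.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout


class BoundedReverseResolver:
    """Reverse-resolve client IPs without letting DNS stall request handling."""

    def __init__(self, lookup=None, timeout=0.5, negative_ttl=60.0,
                 clock=time.monotonic):
        # Default lookup is the blocking PTR query; a stub can be injected instead.
        self._lookup = lookup or (lambda ip: socket.gethostbyaddr(ip)[0])
        self._timeout = timeout            # hard bound on time spent per request
        self._negative_ttl = negative_ttl  # how long a failure is remembered
        self._clock = clock
        self._failed_until = {}            # ip -> time the failure entry expires
        self._pool = ThreadPoolExecutor(max_workers=4)

    def name_for(self, ip):
        """Return the PTR name, or the IP itself if lookup fails or is too slow."""
        now = self._clock()
        if self._failed_until.get(ip, 0.0) > now:
            return ip                      # recent failure: skip DNS entirely
        self._failed_until.pop(ip, None)   # expired: retry so a fixed PTR is seen
        future = self._pool.submit(self._lookup, ip)
        try:
            return future.result(timeout=self._timeout)
        except (LookupTimeout, OSError):   # timeout, NXDOMAIN, SERVFAIL, ...
            self._failed_until[ip] = now + self._negative_ttl
            return ip


if __name__ == "__main__":
    def constructed_lookup(ip):            # constructed stand-in for a resolver
        if ip == "192.0.2.20":
            time.sleep(1.0)                # simulates unreachable in-addr.arpa servers
        return "client.example.net"

    resolver = BoundedReverseResolver(lookup=constructed_lookup, timeout=0.1)
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.20"):
        start = time.monotonic()
        print(ip, "->", resolver.name_for(ip), f"({time.monotonic() - start:.2f}s)")
```

A lookup that times out still occupies a worker thread until the underlying resolver gives up, so the pool size and the system resolver's own timeout need tuning as well; the time spent in the request path stays bounded either way.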

