As for the delay, there wouldn't be one if your inside DNS server came back quickly with a nonexistent domain response. However, if it comes back with an address that won't work on the inside or doesn't come back, you're stuck with the timeout.