On Fri, Jun 19, 2015 at 02:55:23PM -0500, I wrote: > On Thu, Jun 18, 2015 at 11:11:16PM +0000, > Mike Hoskins (michoski) wrote: snip > Note that connection tracking can be a problem upstream as well, > for the same reasons as described in the article. I would still > turn off conntrack for UDP DNS upstream, unless you're using DNAT > (yuck.)
Oh ... hahaha ... I missed the @cisco.com, so I don't suppose you're using Linux on your upstream routers. :) The same idea applies regardless of implementation, of course. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
