This is for recursive, and our recursive got 10X more queries than our
authoritative ones, and we had to disable conntrack on our DNS servers last
summer by using raw table and everything works for IPv4 including
fragmentation, we just noticed fragment fails for IPv6 when using raw
table, query not
On Fri, Sep 30, 2016 at 11:55:18PM -0400, Larry Larson wrote:
> I've followed instructions in this BIND Knowledge base article and
> installed ip6tables on my DNS server, using raw table with no
> conntrack for DNS:
> https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
2 matches
Mail list logo
