How about: “lsof -i -n  -P”

is there an easier way to verify a port access to internal host besides 
wireshark & tcpdump?

this part looked ok to me, but i am not sure.

now seeing higher throughput, but still got...

14-Nov-2020 11:28:20.993 query-errors: info: client @0x7fc8601c9760 (<>): view 
external-wan-view: query failed (REFUSED) for<> at 
14-Nov-2020 11:28:21.030 query-errors: info: client @0x7fc8601c9760 (<>): 
view external-wan-view: query failed (REFUSED) for<> at 
14-Nov-2020 11:28:21.047 query-errors: info: client @0x7fc8601c9760 (<>): 
view external-wan-view: query failed (REFUSED) for<> at 

how can i see/test a query's processing between default.log & security.log ?
i can see the query, if i could see why it's failing, i'd query this list less. 
;)<> at 

i looked at the query.c @7270 but was unable to gleen any useful insight.

WRT networking, my block of static ip's is from<>

i have cascaded routers from att's pace unit to a netgear night hawk that does
port fwding for 53, 80 443 to the sever.
i use the firewall on the att rtr limiting to the above ports to pass through.

the NH logs show connects to 53,80, & 443

i also cranked debug to 10 in named logging, but so far,...

lastly, as F32 comes w/iptables, i migrated to nftables.

