Aha. Digging around in the code I found another way that the queries and
replies counters may be getting separated.
=> all queries are recorded at the point they are sent.
=> replies are recorded only if the nameserver they are received from
is a "known" NS.
So if you have ignore_unknown_nameservers set to ON, the difference
would be the replies dropped from unknown servers.
NP: I am still suspicious that this may be related to mDNS, since I
think the mDNS responses come back form the LAN machines as unicast
replies and would hit that known/unknown security check.
Amos
