On 07/30/2013 07:25 PM, Amos Jeffries wrote:
> Aha. Digging around in the code I found another way that the queries and
> replies counters may be getting separated.
> => all queries are recorded at the point they are sent.
> => replies are recorded only if the nameserver they are received from
> is a "known" NS.
>
> So if you have ignore_unknown_nameservers set to ON, the difference
> would be the replies dropped from unknown servers.
>
>
> NP: I am still suspicious that this may be related to mDNS, since I
> think the mDNS responses come back from the LAN machines as unicast
> replies and would hit that known/unknown security check.
>
> Amos

I really suspect that a recursive lookup of the bind or whatever server would do that.
If it can be resolved I would expect it to not work?

Eliezer