* Amos Jeffries <squid3@xxxxxxxxxxxxx>:

> Aha. Digging around in the code I found another way that the queries
> and replies counters may be getting separated.
> => all queries are recorded at the point they are sent.
> => replies are recorded only if the nameserver they are received
> from is a "known" NS.
>
> So if you have ignore_unknown_nameservers set to ON, the difference
> would be the replies dropped from unknown servers.

ignore_unknown_nameservers defaults to ON

> NP: I am still suspicious that this may be related to mDNS, since I
> think the mDNS responses come back from the LAN machines as unicast
> replies and would hit that known/unknown security check.

So if I set ignore_unknown_nameservers to OFF, then the numbers would change?

--
Ralf Hildebrandt                   Charite Universitätsmedizin Berlin
ralf.hildebrandt@xxxxxxxxxx        Campus Benjamin Franklin
http://www.charite.de              Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155