Aha. Digging around in the code I found another way that the queries and replies counters may be getting separated.
=> all queries are recorded at the point they are sent.
=> replies are recorded only if the nameserver they are received from is a "known" NS.

So if you have ignore_unknown_nameservers set to ON, the difference would be the replies dropped from unknown servers.


NP: I am still suspicious that this may be related to mDNS, since I think the mDNS responses come back from the LAN machines as unicast replies and would hit that known/unknown security check.

Amos
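
A simplified model of the accounting described in this message, added here as an illustration; it is not Squid source code and not from the message's author. The struct, function names, the `dropped_unknown` and `accepted_unknown` counters and all addresses are constructed assumptions; only the `ignore_unknown_nameservers` directive and the two counting rules come from the message.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

struct DnsStats {
    int queries = 0;           // counted when a query is sent
    int replies = 0;           // counted only for replies from a known NS
    int dropped_unknown = 0;   // hypothetical: unknown source, reply discarded
    int accepted_unknown = 0;  // hypothetical: unknown source, reply still used
};

struct Event {
    bool is_query;     // true = query sent, false = reply received
    std::string peer;  // destination (query) or source address (reply)
};

DnsStats replay(const std::vector<Event>& events,
                const std::set<std::string>& known_ns,
                bool ignore_unknown_nameservers) {
    DnsStats s;
    for (const auto& e : events) {
        if (e.is_query) { ++s.queries; continue; }         // recorded at send time
        if (known_ns.count(e.peer)) { ++s.replies; continue; }
        if (ignore_unknown_nameservers) ++s.dropped_unknown;  // the security check
        else ++s.accepted_unknown;
    }
    return s;
}

// Constructed sample: one normal lookup, then two mDNS queries that are
// answered by unicast replies from LAN hosts outside the nameserver list.
std::set<std::string> known_servers() { return {"192.0.2.53"}; }
std::vector<Event> sample_events() {
    return {{true, "192.0.2.53"},  {false, "192.0.2.53"},
            {true, "224.0.0.251"}, {false, "192.168.1.20"},
            {true, "224.0.0.251"}, {false, "192.168.1.31"}};
}

int main() {
    DnsStats s = replay(sample_events(), known_servers(), true);
    std::cout << "queries=" << s.queries << " replies=" << s.replies
              << " dropped_unknown=" << s.dropped_unknown << "\n";
    return 0;
}
```

In this model the gap between the two counters equals the number of replies from unknown sources, so counting those drops separately is one way to confirm the explanation.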
