Ftdns - conntrack?

Is the IDN flag the only one dropped? How about DHCPv6 and DNSSEC?

I believe that the current branch on GitHub is statically built with DNSSEC, so that is probably covered.

I guess other people who integrate pi-hole as part of a larger system instead of a stand-alone system will be interested if a later pihole upgrade might change functionality.

thanks.

Here are the compile time options

compile time options: IPv6 GNU-getopt no-MMU no-DBus no-i18n no-IDN DHCP DHCPv6 no-scripts TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
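Added example, not part of the thread and not Pi-hole or dnsmasq code: a small Python check that an integrator could run against the option line before and after an upgrade to see which features were dropped. It assumes the convention visible in the line above (a `no-` prefix means the feature is compiled out); the function names and the `EARLIER_BUILD` string are constructed for illustration.

```python
"""Compare dnsmasq-style compile-time option lines between two builds."""

PREFIX = "compile time options:"


def parse_options(line: str) -> dict[str, bool]:
    """Map each feature name to True (compiled in) or False ("no-" prefix)."""
    text = line.strip()
    if text.lower().startswith(PREFIX):
        text = text[len(PREFIX):]
    features = {}
    for token in text.split():
        if token.startswith("no-"):
            features[token[3:]] = False
        else:
            features[token] = True
    return features


def missing_features(line: str, required: set[str]) -> list[str]:
    """Required features that are disabled or absent (case-insensitive match)."""
    have = {name.lower() for name, on in parse_options(line).items() if on}
    return sorted(f for f in required if f.lower() not in have)


def dropped_features(old_line: str, new_line: str) -> list[str]:
    """Features enabled in the old build but disabled or absent in the new one."""
    old, new = parse_options(old_line), parse_options(new_line)
    return sorted(name for name, on in old.items() if on and not new.get(name, False))


# The option line quoted in the thread.
THREAD_BUILD = ("compile time options: IPv6 GNU-getopt no-MMU no-DBus no-i18n no-IDN "
                "DHCP DHCPv6 no-scripts TFTP no-conntrack ipset auth DNSSEC "
                "loop-detect inotify")

# Constructed for illustration: a hypothetical earlier build with IDN and conntrack on.
EARLIER_BUILD = ("compile time options: IPv6 GNU-getopt no-MMU no-DBus no-i18n IDN "
                 "DHCP DHCPv6 no-scripts TFTP conntrack ipset auth DNSSEC "
                 "loop-detect inotify")

if __name__ == "__main__":
    print("dropped:", dropped_features(EARLIER_BUILD, THREAD_BUILD))
    print("missing:", missing_features(THREAD_BUILD, {"DNSSEC", "DHCPv6", "conntrack"}))
```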

Thank you for the information. Please note that the no-conntrack might give issues in cases where people use pi-hole in a sort of DMZ and iptables as a firewall.

This will likely not be an issue for my personal solution, but people with such a set-up may find that the answers from the DNS queries suddenly are not able to get back to the requester (dropped by iptables). This could be resolved by setting a specific rule for port 53, of course.

Does conntrack add a large overhead?


@DL6ER may be best suited to answer that.

Oh, sorry, I missed this question. Apparently I misconfigured something in my Discourse profile so I don't get @-mentions via email.

I added CONNTRACK in a separate branch, but we first have to work on getting the binary to compile on the CI (we have to add the now required libnetfilter_conntrack there).
