Ftdns - conntrack?

Is the IDN flag the only one dropped? How about DHCPv6 and DNSSEC?

I believe that the current branch on github is statically build with DNSSEC, so that is probably covered.

I guess other people who integrate pi-hole as part of a larger system instead of a stand-alone system will be interested if a later pihole upgrade might change functionality.


Here are the compile time options

compile time options: IPv6 GNU-getopt no-MMU no-DBus no-i18n no-IDN DHCP DHCPv6 no-scripts TFTP no-conntrack ipset auth DNSSEC loop-detect inotify

Thank you for the information. Please note that the no-conntrack might give issues in cases where people use pi-hole in a sort of DMZ and iptables as a firewall.

This will likely not be an issue for my personal solution, but people with such a set-up may find that the answers from the DNS queries suddenly are not able to get back to the requester (dropped by iptables). This could be resolved by setting a specific rule for port 53, of course.

Does conntrack add a large overhead?

1 Like

@DL6ER may be best suited to answer that.

Oh, sorry, I missed this question. Apparently I misconfigured something in my Discourse profile so I don't get @-mentions via email.

I added CONNTRACK in a separate branch but we first have to work on getting the binary compile on the CI (we have to add the now required libnetfilter_conntrack there).

1 Like