Is the IDN flag the only one dropped? How about DHCPv6 and DNSSEC?
I believe that the current branch on GitHub is statically built with DNSSEC, so that is probably covered.
I guess other people who integrate Pi-hole as part of a larger system instead of a stand-alone system will be interested in whether a later Pi-hole upgrade might change functionality.
Thank you for the information. Please note that the no-conntrack might give issues in cases where people use Pi-hole in a sort of DMZ and iptables as a firewall.
This will likely not be an issue for my personal solution, but people with such a set-up may find that the answers from the DNS queries suddenly are not able to get back to the requester (dropped by iptables). This could be resolved by setting a specific rule for port 53, of course.
Oh, sorry, I missed this question. Apparently I misconfigured something in my Discourse profile so I don't get @-mentions via email.
I added CONNTRACK in a separate branch, but we first have to work on getting the binary to compile on the CI (we have to add the now-required libnetfilter_conntrack there).