Hi,

I would like to see this addressed. I found more information on the issue at https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html

Is there a firewalld solution to this issue?

On 04/11/2017 11:05 AM, Chris Adams wrote:
> One additional DNS server note: you should disable firewalld for any DNS
> server, caching or authoritative. If you need firewalling, use straight
> iptables.
>
> The reason is that firewalld always enables connection state tracking
> (at least as far as I can tell), and that should never be used in front
> of a DNS server. A public authoritative server or any caching server
> can get a high rate of requests, and having the kernel firewalling
> trying to track connection states is a bottleneck (one that will be
> reached before DNS software's limits).
>
> If you must firewall a DNS server, use straight iptables and do not use
> connection state tracking.
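
The "straight iptables, no connection state tracking" setup described in the quoted message, as an added example that is not part of the original thread: a function that prints an `iptables-restore` fragment exempting DNS traffic from conntrack and accepting it by port alone. It assumes an IPv4 authoritative server answering on port 53; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: IPv4 only, an
# authoritative server answering on port 53; names are hypothetical.

DNS_PORT=53

# Print an iptables-restore fragment for the DNS traffic only.
dns_notrack_rules() {
    # The raw table is traversed before connection tracking, so packets
    # matched here never get a conntrack entry.
    echo '*raw'
    for proto in udp tcp; do
        # Inbound queries to the server.
        echo "-A PREROUTING -p $proto --dport $DNS_PORT -j CT --notrack"
        # Outbound answers from the server.
        echo "-A OUTPUT -p $proto --sport $DNS_PORT -j CT --notrack"
    done
    echo 'COMMIT'
    # filter table: accept DNS by protocol and port, with no state match.
    echo '*filter'
    for proto in udp tcp; do
        echo "-A INPUT -p $proto --dport $DNS_PORT -j ACCEPT"
        echo "-A OUTPUT -p $proto --sport $DNS_PORT -j ACCEPT"
    done
    echo 'COMMIT'
}

# Succeed only if no emitted rule depends on connection state
# (no "-m state" or "-m conntrack" match anywhere in the fragment).
is_stateless() {
    ! dns_notrack_rules | grep -Eq -- '-m (state|conntrack)'
}

# Print the fragment for review; nothing is loaded into the kernel here.
dns_notrack_rules
```

The output can be checked with `iptables-restore --test --noflush` before it is loaded; rules for any other traffic on the host are left to the administrator.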