<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><meta content="text/html; charset=utf-8" http-equiv="Content-Type"></head>I read Debian Buster is shipped with nftables.<br><br><div class="gmail_quote">Am 9. August 2019 09:57:36 MESZ schrieb Chris <lists+pdns@gbe0.com>:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">Hi Winfried,<br><br>On 9/08/2019 3:50 pm, abang@t-ipnet.net wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">Hi Chris,<br><br>Maybe I missed that in this thread, but did you try with turning off <br>connection tracking or rising conntrack kernel table size? dmesg might <br>you show wether connection tracking limit was exceeded.<br><br>Winfried<br></blockquote><br>Thanks for the suggestion. By default I raise the conntrack table size <br>as normally this server is using iptables with stateful rules to allow <br>management. I also tried with no iptables rules and the conntrack module <br>not loaded.<br><br>Thanks<hr>dnsdist mailing list<br>dnsdist@mailman.powerdns.com<br><a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a><br></pre></blockquote></div></html>