How can I launch a private Internet DNS server?

Michael De Roover isc at
Fri Oct 16 09:34:21 UTC 2020

Interesting article, thanks for sharing this! I'm slightly confused
about some things in it though. Does this mean that any traffic will be
put on the connection tracker and be treated as stateful unless we use
CT --notrack, or can the kernel make a heuristic based on what's in the
iptables rule (i.e. if it only covers a port or a network range, it
must be stateless)?

What constitutes a busy server? For a recursor it'd be easy to achieve
high throughput, but does an authoritative name server for a single
website need it?

On Thu, 2020-10-15 at 20:42 -0500, Chuck Aurora wrote:
> Absolutely right; I wrote this Linux-centric article about it:
> It has not been updated to cover nftables.
> Note also that this is a good reason NOT to use the NAT that
> other posters have encouraged.
Michael De Roover <isc at>
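On the conntrack question raised above: the kernel does not infer "stateless" from the shape of a filter rule; once nf_conntrack is loaded, every packet crossing the netfilter hooks is tracked unless a raw-table rule marks it untracked first. The following is an added example, not from this thread or from BIND, of exempting a name server's port 53 traffic from tracking and then accepting it explicitly; the interface name eth0 is an assumption, and iptables-legacy syntax is used.

```shell
#!/bin/sh
# Exempt DNS traffic on a name server from connection tracking.
# Packets are tracked as soon as nf_conntrack is loaded; only a raw-table
# rule that fires before tracking keeps them out of the conntrack table.
DNS_IF="${DNS_IF:-eth0}"   # assumed interface name; adjust for the host

# Raw-table rules that mark DNS packets as untracked in both directions
# for one protocol (udp or tcp). The raw table is traversed before the
# conntrack hook, so these packets never create a table entry.
notrack_rules() {
    proto="$1"
    printf '%s\n' \
        "iptables -t raw -A PREROUTING -i $DNS_IF -p $proto --dport 53 -j CT --notrack" \
        "iptables -t raw -A OUTPUT -o $DNS_IF -p $proto --sport 53 -j CT --notrack"
}

# Filter-table rules that accept the untracked DNS packets explicitly.
# A generic "--ctstate ESTABLISHED,RELATED" rule no longer matches them,
# so the reply direction needs its own ACCEPT or answers get dropped.
filter_rules() {
    proto="$1"
    printf '%s\n' \
        "iptables -A INPUT -i $DNS_IF -p $proto --dport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT" \
        "iptables -A OUTPUT -o $DNS_IF -p $proto --sport 53 -m conntrack --ctstate UNTRACKED -j ACCEPT"
}

# Complete ruleset as text (UDP and TCP); apply it as root with: ruleset | sh
ruleset() {
    for p in udp tcp; do
        notrack_rules "$p"
        filter_rules "$p"
    done
}

# Number of flows currently in the conntrack table. Sample it before and
# after applying the rules while queries arrive: DNS should stop adding
# entries, and the table-full drops that hit busy servers go away.
conntrack_count() {
    cat /proc/sys/net/netfilter/nf_conntrack_count 2>/dev/null || echo 0
}
```

The same exemption is expressed in nftables with a `notrack` statement in a chain hooked at `prerouting` with a priority ahead of conntrack, but the rule-before-tracking principle is identical.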