Minimizing DNS Connections -- want just 1 connection for 1 query.

I ran this little experiment (default Tomato 1.23 settings):

0. Stopped all applications on the LAN. Monitored connections in the CONNTRACK table.
1. Ran ping -c1 arealdomain.org
2. Here are the CONNTRACK entries, 5 seconds later:

ADM 50156 SSH ROUTER-I tcp 14399 E a -- src=192.168.2.201 dst=192.168.2.250 sport=50156 dport=22 tcp 6 14399 ESTABLISHED -- src=192.168.2.250 dst=192.168.2.201 sport=22 dport=50156 [ASSURED] use=1 mark=0
ADM 65071 DNS ROUTER-I udp 25 -- src=192.168.2.201 dst=192.168.2.250 sport=65071 dport=53 udp 17 25 -- src=192.168.2.250 dst=192.168.2.201 sport=53 dport=65071 use=1 mark=0
ADM 65526 DNS ROUTER-I udp 25 -- src=192.168.2.201 dst=192.168.2.250 sport=65526 dport=53 udp 17 25 -- src=192.168.2.250 dst=192.168.2.201 sport=53 dport=65526 use=1 mark=0
RTR 11909 DNS NS1 udp 25 1 -- src=67.2.2.001 dst=67.5.0.009 sport=11909 dport=53 udp 17 25 -- src=67.5.0.009 dst=67.2.2.001 sport=53 dport=11909 use=1 mark=1
RTR 24284 DNS NS1 udp 25 1 -- src=67.2.2.001 dst=67.5.0.009 sport=24284 dport=53 udp 17 25 -- src=67.5.0.009 dst=67.2.2.001 sport=53 dport=24284 use=1 mark=1

As you can see, a single access (by name) of a host on the Net resulted in 2 DNS requests to the router, which then relayed two more requests to the (ISP) name server. That's 5 connections for 1 access.

(The reason this interests me is that I have been studying connection storms. One factor in (p2p) connection storms is that when the client tries to solicit connections, for every low priority (?) connection attempt, there may be 5 high priority connections set up before the far side is contacted, if ever. I had observed, when trying to find which of a dozen users was causing a storm, that each storm appeared to involve a high degree of "router complicity".)

My question is: Have others observed this exploding of DNS traffic? Might there be a way to reduce it from 4 connections to 1?

(Since the vast majority of all connections are for random, futile peers that never respond, I really don't want DNS caching.) I would like the router to set up a single (NATed) connection between the LAN host and the ISP NS. Then that connection would be LAN-host rule-able, rather than appearing to be router-top-priority!

Thanks.

P.S. I found that when I uncheck "Use internal caching DNS forwarder", I can no longer reach LAN hosts by hostname.
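As an added example (not the original poster's code, and not part of Tomato), here is a small Python script that parses conntrack entries and tallies UDP/53 flows per (src, dst) pair, so the fan-out described in the post (two client-to-router entries plus two router-to-upstream entries for one lookup) can be measured on a live router rather than read off the web UI by hand. The sample text is constructed from the addresses and ports in the post but written in the /proc/net/ip_conntrack layout; the function names, the regex, and the assumption that every WAN-side UDP/53 entry in a snapshot belongs to the same lookup (true for the post's experiment, where the LAN was otherwise idle) are mine.

```python
"""Count how many conntrack entries one DNS lookup costs when a LAN client
queries a forwarding router that in turn queries the ISP resolver.

Added example, not code from the original post. Input lines use the
/proc/net/ip_conntrack layout; the addresses and ports are the ones from the
post, embedded here as a constructed sample so the script runs offline.
"""
import re
from collections import Counter

# Constructed sample: the five entries from the post, one per line,
# in /proc/net/ip_conntrack form (original tuple, then reply tuple).
SAMPLE_CONNTRACK = """\
tcp      6 14399 ESTABLISHED src=192.168.2.201 dst=192.168.2.250 sport=50156 dport=22 src=192.168.2.250 dst=192.168.2.201 sport=22 dport=50156 [ASSURED] use=1 mark=0
udp      17 25 src=192.168.2.201 dst=192.168.2.250 sport=65071 dport=53 src=192.168.2.250 dst=192.168.2.201 sport=53 dport=65071 use=1 mark=0
udp      17 25 src=192.168.2.201 dst=192.168.2.250 sport=65526 dport=53 src=192.168.2.250 dst=192.168.2.201 sport=53 dport=65526 use=1 mark=0
udp      17 25 src=67.2.2.001 dst=67.5.0.009 sport=11909 dport=53 src=67.5.0.009 dst=67.2.2.001 sport=53 dport=11909 use=1 mark=1
udp      17 25 src=67.2.2.001 dst=67.5.0.009 sport=24284 dport=53 src=67.5.0.009 dst=67.2.2.001 sport=53 dport=24284 use=1 mark=1
"""

# Matches the protocol, the timeout, an optional TCP state word, and the
# ORIGINAL direction tuple only; the reply tuple later on the line is ignored.
ENTRY_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\d+\s+(?P<ttl>\d+)\s+(?:[A-Z_]+\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)


def parse_entries(text):
    """Yield one dict per parseable conntrack line (original direction only)."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield {
                **m.groupdict(),
                "sport": int(m["sport"]),
                "dport": int(m["dport"]),
                "ttl": int(m["ttl"]),
            }


def dns_fanout(text):
    """Map (src, dst) -> number of distinct UDP/53 conntrack entries between them.

    Each entry is one client source port, i.e. one separate query, so a count
    above 1 for a pair means the client (or forwarder) sent several queries.
    """
    counts = Counter()
    for e in parse_entries(text):
        if e["proto"] == "udp" and e["dport"] == 53:
            counts[(e["src"], e["dst"])] += 1
    return dict(counts)


def entries_per_lookup(text, client, forwarder_wan=None):
    """Total UDP/53 entries attributable to one lookup from `client`.

    Counts the client->forwarder legs and, when forwarder_wan (the router's
    WAN address) is given, the legs the forwarder opened to upstream resolvers.
    Assumption: every WAN-side entry in the snapshot belongs to this lookup,
    which holds only when the LAN is otherwise idle, as in the post's test.
    """
    total = 0
    for (src, dst), n in dns_fanout(text).items():
        if src == client or (forwarder_wan is not None and src == forwarder_wan):
            total += n
    return total


if __name__ == "__main__":
    for (src, dst), n in sorted(dns_fanout(SAMPLE_CONNTRACK).items()):
        print(f"{src} -> {dst}: {n} UDP/53 entries")
    print("entries per lookup:",
          entries_per_lookup(SAMPLE_CONNTRACK, "192.168.2.201", "67.2.2.001"))
```

On a router, pipe `cat /proc/net/ip_conntrack` (or the newer nf_conntrack file, whose lines carry an extra address-family prefix that this regex does not expect) into `dns_fanout` instead of the embedded sample; a ratio of 2:1 between the LAN-side and WAN-side pairs, as in the post, shows the forwarder relaying each client query separately rather than coalescing them.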