In-Reply-To: <1087321536.7690.85.camel@xxxxxxxxxxxxxxxxxxxxx> This has yet to be investigated and commented by the vendor, but the SEF firewall dnsd has the option to configure "forwarders" - dnsd will defer all requests to these. A mitigating strategy until the vendor has an answer could be to configure forwarders pointing at ISP nameservers. Peter Jelver http://www.esec.dk