
In light of the recent bind9 zero-day, I logged into my secondary ns to make sure there was nothing slipping past the monitoring. There is no evidence of trouble, but I can see a heap of these messages:

Nov 17 05:34:19 ns2 named[1088]: client 111.252.1.88#55544: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
Nov 17 05:35:21 ns2 named[1088]: client 95.89.214.87#3311: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
Nov 17 05:35:23 ns2 named[1088]: client 95.89.214.87#3345: query (cache) 'cluster8.us.messagelabs.com/A/IN' denied
Nov 17 05:35:57 ns2 named[1088]: client 79.167.143.122#1148: query (cache) 'cluster8.us.messagelabs.com/A/IN' denied
Nov 17 05:35:59 ns2 named[1088]: client 79.167.143.122#1175: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
Nov 17 05:37:13 ns2 named[1088]: client 190.213.41.176#2408: query (cache) 'cluster8.us.messagelabs.com/A/IN' denied
Nov 17 05:37:15 ns2 named[1088]: client 190.213.41.176#2569: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied

None of those IP addresses are ours, or our customers', but at least one zone on this server has MX records that point to the messagelabs.com addresses.

Could I have configured something wrong that might be causing those IP addresses to try and resolve the messagelabs.com names via my server? Or could they be running a buggy resolver?

Thanks
James
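The following is an added example, not part of James's message: a small Python triage script that groups "query (cache) ... denied" lines by client and by queried name, and lists the names that fall outside the zones the server hosts. The regex covers only the log format quoted above; `summarize`, `outside_zones` and the `example.org` zone are hypothetical names chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Format quoted in the post:
#   named[pid]: client <ip>#<port>: query (cache) '<name>/<type>/<class>' denied
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<type>[^/']+)/(?P<cls>[^/']+)' denied"
)

# The seven log lines quoted in the post above.
SAMPLE = """\
Nov 17 05:34:19 ns2 named[1088]: client 111.252.1.88#55544: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
Nov 17 05:35:21 ns2 named[1088]: client 95.89.214.87#3311: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
Nov 17 05:35:23 ns2 named[1088]: client 95.89.214.87#3345: query (cache) 'cluster8.us.messagelabs.com/A/IN' denied
Nov 17 05:35:57 ns2 named[1088]: client 79.167.143.122#1148: query (cache) 'cluster8.us.messagelabs.com/A/IN' denied
Nov 17 05:35:59 ns2 named[1088]: client 79.167.143.122#1175: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
Nov 17 05:37:13 ns2 named[1088]: client 190.213.41.176#2408: query (cache) 'cluster8.us.messagelabs.com/A/IN' denied
Nov 17 05:37:15 ns2 named[1088]: client 190.213.41.176#2569: query (cache) 'cluster8a.us.messagelabs.com/A/IN' denied
"""

def summarize(lines):
    """Count denied cache queries per client IP and per queried name/type."""
    per_client = defaultdict(Counter)
    per_name = Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # some other named message
        key = f"{m['name']}/{m['type']}"
        per_client[m["ip"]][key] += 1
        per_name[key] += 1
    return per_client, per_name

def outside_zones(per_name, served_zones):
    """Queried names that sit under none of the zones this server hosts."""
    def served(name):
        name = name.rstrip(".").lower()
        return any(name == z or name.endswith("." + z) for z in served_zones)
    return sorted(k for k in per_name if not served(k.split("/")[0]))

if __name__ == "__main__":
    clients, names = summarize(SAMPLE.splitlines())
    for ip, counts in sorted(clients.items()):
        print(ip, dict(counts))
    # "example.org" is a placeholder for the zones actually hosted on ns2.
    print("outside served zones:", outside_zones(names, {"example.org"}))
```

Run against the full syslog file, the per-client counts show whether a few sources repeat the same two names or many sources ask for many unrelated names.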