hi, Since the last upgrade i habe lots of refused-messages for dns-queries. After struggling hours und destroying my forwarding on the firewall too, i found this morning the information within this link, which i think it should help: http://www.webservertalk.com/message1952963.html They mention, that you have to set the allow-query-cache in the named.conf, which has been enabled by default before (which is no longer the case) Does this resolve the problem? Sorry, but for today, i have no possibility for testing. HTH Roger ----- so, this evening, i changed in the options-area of my named.conf the following: allow-query-cache { net1/netmask; net2/netmask; }; net/netmask means as an example 10.0.0.0/8 and since then it works. But just to be sure, it is because of the change i made and nothing else, i need more testing. So i hope this helps also others which fiddle around with named. HTH Roger