I'm right-clicking on server and selecting "Clear Cache", is this not the proper way? If I had to guess what is happening, when I clear the cache, it also removes the entries for the domain controllers and other servers, even though they are static IPs. Thus, the ISA server cannot find a DC to authenticate users, and they get blocked. (Due to Federal requirements, we cannot have any Firewall Policies that allow unauthenticated access to the Internet.) If I log onto each DC and do a "repair" of the network connection, it shows back up in the DNS server. Otherwise, I have to either wait for it to refresh itself or reboot the server. -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, March 02, 2005 16:30 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Interesting problem... http://www.ISAserver.org I still don't understand this Dan. The cache on the DNS servers is for resolved names outwith your Organization. The AD holds all your domain info. When you clear the cache, it shouldn't be interfering with name resolution in your AD zones. You are right clicking on the dns server and selecting clear cache, or ipconfig / flushdns?? Steve