Hi all, Just a quick question re DNS zone transfers and the DNS application filter. I have the DNS zone transfer from privileged/high ports options set in the intrusion detection filter. If I do an nslookup (ls -d domainname.co.uk) from an ip external to the firewall, the zone is transferred fine. Naturally an alert is generated. However, if I deselect these check boxes, restart ISA and try this again, the nslookup process hangs on the ls -d domainname.co.uk command. Could someone confirm this behaviour happens with their firewall. If so why ? Patrick