Hi, This has a lot of DNS questions, but I'm mainly concerned about the security of my DNS servers. I've set my DNS servers up as below, I require external DNS lookup for Exchange, but I'm not convinced that it's safe, or at least as safe as it could be. I've read that what I can do, is have my ISA server firewall look up DNS for my domain, then set up forwarders from the Exchange server, to the ISA server in order to get the relevant DNS info. However, this doesn't seem to work. The only way I can get it to work is to allow the DNS protocol (Query and Server) through the firewall to the Exchange server, and I'm not happy this is the best thing to do. ISA Firewall External NIC has no DNS entries Internal NIC has ISP DNS entries DNS setup: Forward lookup Zone [External FQDN] Listen on: Internal IP only Forwarders: [ISP DNS servers] ***************************************** Internal DNS server NIC has 127.0.0.1 and other DNS server DNS setup: Forward lookup Zone [Internal Domain name] Forwarders: [ISA Firewall internal IP] no recursion ****************************************** Exchange server running DNS NIC has Internal DNS server and 127.0.0.1 DNS setup: Forward lookup Zone [Internal Domain name] Forwarders: [ISA Firewall internal IP] no recursion Any hints or suggestions? Steven Fitzgerald MCP