I'm reading Jim Harrison's DNS FOR ISA SERVER piece from the site's Learning Zone and I have two questions. 1. The Separate Internal & External DNS graphic depicts a client with DNS1=192.168.0.3 & DNS2=123.123.123.124. This makes "use of separate internal and external DNS resolvers". My questions is - In a W2K environment could this prove troublesome if an internal AD lookup fails and is subsequently attempted on the outside? Not that the outside lookup could ever succeed, but that future queries might rely on the DNS2 address first? 2. In the next graphic, INDEPENDENT INTERNAL DNS, what mechanism "forces" INT DNS01 to use ISA for external lookups? Is Forwarding at work here or is it the server's Gateway address or is it a Secure Nat Client? And along those lines once the ISA Server tries to resolve an external name is it Forwarding as well (because it's Preferred DNS Servers are on the Internal network)? Thank you -- Tom Kasmir