OK - Jim and everyone, thanks for helping here as I know that this is not a dns group. Here is data from the dns log that happened when an outgoing email fails. This email should not be failing as I tested it from an outside account. This data is very cryptic to me though so any suggestions are appreciated. I will send another when I find it with the weird system events. Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP response info at 004DEFCC Socket = 496 Remote addr 10.1.2.14, port 47312 Time Query=2724995, Queued=2725007, Expire=2725010 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x45b4 Flags 0x8182 QR 1 (response) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 1 Z 0 RCODE 2 (SERVFAIL) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: Snd 209.228.15.4 1f70 Q [0000 NOERROR] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP question info at 00F3F00C Socket = 512 Remote addr 209.228.15.4, port 53 Time Query=0, Queued=0, Expire=0 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x1f70 Flags 0x0000 QR 0 (question) OPCODE 0 (QUERY) AA 0 TC 0 RD 0 RA 0 Z 0 RCODE 0 (NOERROR) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: Snd 209.228.14.4 1f70 Q [0000 NOERROR] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP question info at 00F3F00C Socket = 512 Remote addr 209.228.14.4, port 53 Time Query=0, Queued=0, Expire=0 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x1f70 Flags 0x0000 QR 0 (question) OPCODE 0 (QUERY) AA 0 TC 0 RD 0 RA 0 Z 0 RCODE 0 (NOERROR) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: Snd 10.1.2.14 45b4 R Q [8281 DR SERVFAIL] (7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0) UDP response info at 004D5D6C Socket = 496 Remote addr 10.1.2.14, port 47312 Time Query=2724999, Queued=2725011, Expire=2725014 Buf length = 0x0200 (512) Msg length = 0x0040 (64) Message: XID 0x45b4 Flags 0x8182 QR 1 (response) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 1 Z 0 RCODE 2 (SERVFAIL) QCOUNT 0x1 ACOUNT 0x0 NSCOUNT 0x0 ARCOUNT 0x0 Offset = 0x000c, RR count = 0 Name "(7)inbound(17)christinecourtney(3)com(12)criticalpath(3)net(0)" QTYPE A (1) QCLASS 1 ANSWER SECTION: AUTHORITY SECTION: ADDITIONAL SECTION: -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, October 24, 2001 2:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Wierd DNS stuff... http://www.ISAserver.org The log you should be reading is %SystemRoot%\system32\dns\dns.log. It's where the DNS services does the extended logging to. Jim Harrison MCP(NT4, 2K), A+, Network+, PCG