On 11/16/11 12:31 PM, Paul Wouters wrote: > Is disabling DNSSEC validation a workaround? We do not believe it would be effective. Michael McNally ISC Support