Barry, Thanks for the input... I think you hit it right on the head when you suggested that my internal server is set as a primary for IN-ADDR.ARPA. The queries are not getting out to the firewall.... I'm attaching my named.conf file. Would you be so kind as to give me a hint as to what I should do??? My internal IN-ADDR.ARPA is hosts.rev..... If I change to secondary, pointing to my ISP nameserver, I can't resolve internal IP to names.... How can I do both??? Thanks Again for the help!!!! Mark Gosselin NetScout Systems (See attached file: named.boot) Barry Margolin cc: Sent by: Subject: Re: Reverse lookup bind-users-boun ce@isc.org 08/20/01 02:53 PM In article <9lrlnr$4dn@pub3.rc.vix.com>, Mark Gosselin wrote: >Is it possible that my firewall could be configured to block reverse >lookups, but not regular lookups?? >I can lookup by name and IP on my domain, and can lookup by name other >domains (ie amazon.com) >but, if I supply th IP address for amazon.com, I get a "non-existant >domain" reply...... Is your firewall doing simple packet filtering, or is it acting as a DNS server itself? In the former case, it's unlikely that it would block DNS requests based on details like this. But if it's a DNS server, it could possibly be configured as a primary server for IN-ADDR.ARPA, and it wouldn't forward requests within this domain. Another possibility is that your internal nameserver is configured as primary for IN-ADDR.ARPA, so these queries are never getting to the firewall at all. -- Barry Margolin, barmar@genuity.net Genuity, Woburn, MA *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't posted to the group. -- Binary/unsupported file stripped by Listar -- -- Type: application/octet-stream -- File: named.boot