Hi, It appears that some of my subscribers DSL modems (which are acting as nat routers) have had their dns settings hijacked and presumably for serving ads or some such nonsense. The dns server addresses are statically programmed in and of the onces I have seen, they are not currently responsive, leading to slow page loads or 404 errors and hence tech support calls to my support desk. I have set up a resolver that will answer dns queries and have done some routing magic to re-direct queries sent from my customer CPE's to these hijacked dns addresses. This is working for the time being and affected clients don't know about the problem (yet). I realise it's highly likely there are more than just the 2 addresses I have identified so far in the realm of dns hijackers, and so I am I am wondering if anyone has a line on dns server addresses that have been used or are currently in use for dns redirecting malware. I would like to maybe script something so that addresses on such a list would automatically get dropped into a routing table pointing at my special dns resolver. In the future I would also likely set up some sort of web redirect so that any client that queries the special resolver would get a web page explaining they have been hijacked and how to handle it. For now however I just want to stem the tide and make sure clients continue to work and to catch as many of these as I can. Anyone ? Mike-