The environment is fairly typical...one primary DNS server and three secondary servers. One of the secondary servers is on the same subnet as the primary DNS server and the other two are distributed across the Wide Area Network. Of these two remote secondary servers, I see traffic like the following every day in my access-list violations, where ROUTER-WITH-ACL is the router protecting the REMOTE-SECONDARY-2... Oct 11 01:17:07 ROUTER-WITH-ACL 113128: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36070), 1 packet Oct 11 01:18:37 ROUTER-WITH-ACL 113139: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36075), 1 packet Oct 11 01:18:42 ROUTER-WITH-ACL 113140: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36076), 1 packet Oct 11 01:18:47 ROUTER-WITH-ACL 113141: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36077), 1 packet ... Oct 11 03:05:42 ROUTER-WITH-ACL 113623: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36120), 1 packet Oct 11 03:05:47 ROUTER-WITH-ACL 113624: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36121), 1 packet Oct 11 03:05:57 ROUTER-WITH-ACL 113625: 1w3d: %SEC-6-IPACCESSLOGP: list 114 denied udp REMOTE-SECONDARY-1(53) -> REMOTE-SECONDARY-2(36122), 1 packet As you can see, the destination port increments by one on each attempt and this entire process occurs over the period of several hours. This traffic is entirely unidirectional...I do not see any similar traffic on the access list protecting REMOTE-SECONDARY-1. What is the nature of this traffic and should I be concerned? It is obviousely not a zone transfer, and there is no forwarders directive in either config file, so I'm at a loss. Thanks in advance for your help... Jesse Whyte Security Analyst Office of Information Resources State of Tennessee (615)741-8651