> After thinking about this, it occurs to me that it should be much > harder to pass on a poisoned cache if the authoritative answer is > first stored in the cache, and then the answer is provided from the > cache non-authoritatively. Yeah, Mark's response makes sense to me. cricket Men & Mice DNS Software & Services www.menandmice.com