Hi, for policies purpuose, we need to know which remote site is resolving a Bind 9.x public DNS Server. The problem occurs when some carriers "share" the same IP address between more customers and they surf behind a shared NAT. Is there a way? Perhaps with DNS crypt o dnssec? Thank you! /F