> Disabling dns fixup fixed it for us. BIND9 has a slightly different on-by-default query type that caused some Checkpoint firewalls to trigger drops due to DNS protocol inspection. It was dropping the messages saying "drop back to the old method please" Maybe the PIX fixup code is doing something similar ?? Virgil