> i.e. at best these come from broken places. > > the loopback network > > deny ip 127.0.0.0 0.255.255.255 any (375 matches) This can come from DNS servers with 127.0.0.1 in one of the config files. I recall from a seminar/class by Cricket that this is why you don't use 127.0.0.1 in /etc/resolv.conf, IIRC. tim