Hello,
looks like the "-strict on" switch doesn't resolve the spoofing
issues.

It happens again and again; the causing party is the same: some affiliate
from topclicks.net (for over a year now), someone routed by
Everyones Internet Inc., using changing IPs in the 62.246.28.XXX
range!

(See http://forums.devshed.com/t48937/s68...84e5a3516.html
for more detailed information about this kind of browser hijacking.)

Our internal NetWare 6 name server gets spoofed, while our external
BIND 4.97-compatible name server stays clean.
Here's an example from yesterday for a domain we are hosting
ourselves:

C:\>nslookup
Standardserver: NSI.inform-ac.com
Address: 172.16.1.13

> www.groundstar.de

Server: NSI.inform-ac.com
Address: 172.16.1.13

Nicht autorisierte Antwort:
Name: www.groundstar.de
Addresses: 64.246.28.231, 207.44.236.157, 216.40.251.10

> server 193.98.224.209

Standardserver: ns.inform-ac.com
Address: 193.98.224.209

> www.groundstar.de

Server: ns.inform-ac.com
Address: 193.98.224.209

Name: www.groundstar.de
Address: 193.98.224.209

Any suggestions, any solution in sight?
As long as this problem exists, we're using NetWare 6 named as
a forwarder only.
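
The comparison made by hand in the session above (ask the internal caching resolver, then the server hosting the zone, and compare the answers) can be scripted to flag a poisoned cache entry. The Python below is an added example, not part of the original post; `parse_transcript` and `find_divergence` are hypothetical names. It assumes the nslookup layout shown in the post (English or German labels, all addresses on one line) and that a reply without the "non-authoritative" marker came from a server authoritative for the zone.

```python
import re
# Session copied from the post (blank lines dropped); labels are German-locale nslookup.
SAMPLE = """\
Standardserver: NSI.inform-ac.com
Address: 172.16.1.13
> www.groundstar.de
Server: NSI.inform-ac.com
Address: 172.16.1.13
Nicht autorisierte Antwort:
Name: www.groundstar.de
Addresses: 64.246.28.231, 207.44.236.157, 216.40.251.10
> server 193.98.224.209
Standardserver: ns.inform-ac.com
Address: 193.98.224.209
> www.groundstar.de
Server: ns.inform-ac.com
Address: 193.98.224.209
Name: www.groundstar.de
Address: 193.98.224.209
"""

# One reply block: resolver address, optional non-authoritative marker, name, answer.
BLOCK = re.compile(
    r"^Server:\s*\S+\s*\nAddress:\s*(?P<server>\S+)\s*\n"
    r"(?P<nonauth>(?:Non-authoritative answer|Nicht autorisierte Antwort):\s*\n)?"
    r"Name:\s*(?P<name>\S+)\s*\nAddress(?:es)?:\s*(?P<addrs>.+)$", re.M)

def parse_transcript(text):
    """Return one dict per answered query (hypothetical helper, assumed layout)."""
    compact = "\n".join(l.strip() for l in text.splitlines() if l.strip())
    return [{"server": m["server"], "name": m["name"].lower(),
             "authoritative": m["nonauth"] is None,
             "addresses": {a.strip() for a in m["addrs"].split(",")}}
            for m in BLOCK.finditer(compact)]

def find_divergence(answers):
    """Cached answers that share no address with the authoritative answer."""
    trusted = {}
    for a in answers:
        if a["authoritative"]:
            trusted.setdefault(a["name"], set()).update(a["addresses"])
    return [(a["name"], a["server"], sorted(a["addresses"]))
            for a in answers
            if not a["authoritative"] and trusted.get(a["name"])
            and not a["addresses"] & trusted[a["name"]]]

if __name__ == "__main__":
    for name, server, addrs in find_divergence(parse_transcript(SAMPLE)):
        print(f"{name}: {server} cached {addrs}, none match the zone's own server")
```

A name is only flagged when the transcript also contains an authoritative answer for it, so a session against the caching resolver alone produces no findings.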