Hello Group, I'm new to the group and like to thank you for letting me in. In the organisation we use two unbound DNS servers to do DNS to the internet and the internal zones we are using. Also we are using bind caching servers (on Linux and in FW systems). All the clients are pointing to the local caching servers and / or the two unbound servers. Unbound can use stub-zone or forward for the other domains, I used stub-zone also for the MS AD zone. The problem is that the MS AD is not working correct, group policy are not performed on clients. We can fix that by pointing all the (MS) client systems to the MS AD DNS servers. Is it a network problem, and can it be fixed on the network site? Or is it a MS AD problem and need the clients DNS point to the AD DNS servers? Sorry if the question if it is asked before (many times :-)). Best regards, Fred.