Our exchange server is accessing our internal DNS server about 1000 times a second to get name resolutions. Our internal DNS then turns to the external DNS to do the lookups (if the names aren't in our local DNS). This is clogging up our network. Denying our DNS server access to external DNS, means we lose mail all together, but we do get the internet back. Does anyone know how to go into the exchange server and find what users are sending so much mail at a time? (I suspect there is a virus) I just want to see what user is causing all the traffic so i can disable that account (if that's what's going on).