First, Hessu your VPN idea looks interesting. Hopefully I'll have some time in the coming weeks to give it a try. Thanks for your efforts. Regarding cleaning up the DNS. Someone mentioned the idea of sorting hosts that are theoretically reachable via a tunnel. Then possibly purging ones that are not, or at least further review of these. So we gave it a shot, seemed simple enough. Look at the encap.txt file, look for hosts in each CIDR... (checking this file: ftp://hamradio.ucsd.edu/pub/amprhosts.) A quick google search yielded this nifty function that is the magic to the whole thing http://stackoverflow.com/questions/594112/matching-an-ip-to-a-cidr-mask-in-… http://pastebin.com/CCiX4Upd It's not quite working, maybe someone who knows more can fix it? I get some errors about Undefined offsets. Steve, KB9MWR