I'm getting an awful lot of pings (denied by my PIX 506) from my DNS provider. Every 30 seconds I get 2 new syslog entries (10.0.0.4 is the global address for nat):

20 Syslog Trap 106011: Deny inbound (no xlate) icmp src outside 206.13.28.12 dst outside 10.0.0.4 (type 0, code 0)

20 Syslog Trap 106011: Deny inbound (no xlate) icmp src outside 206.13.29.12 dst outside 10.0.0.4 (type 0, code 0)

First, I'm not sure why the DNS host would be pinging me twice a minute. Is this standard behavior?

Second, I've turned off every icmp filter (both with the icmp command and access-list) and I keep getting the log entries. How do I get the PIX to either answer the ping, or silently drop the request? I was trying to set up answers to ping type 3 only...

P.S. I don't have any static routes for 10.0.0.4, since it's only for nat.

P.P.S. The next box outside of the PIX is a D-Link wireless/DSL router/firewall combo. I don't get why it is forwarding the packets, either, unless it's in response to a request by the PIX or a user behind the PIX (which is a possibility...maybe MSN Messenger or something similar sends out pings twice a minute...)