> Offhand, nothing stands out for me in that config, but I'm not really a
> PIX expert. I've heard, however, that the Cisco "fixups" sometimes
> create problems. Can anyone comment on whether "
> fixup protocol dns maximum-length 1024" is likely to exhibit the behavior des
> cribed earlier?

Well named advertises a 4096 byte EDNS buffer by default
so it won't be helping.

edns-udp-size needs to match what the firewall lets through.

