> Offhand, nothing stands out for me in that config, but I'm not really a
> PIX expert. I've heard, however, that the Cisco "fixups" sometimes
> create problems. Can anyone comment on whether "
> fixup protocol dns maximum-length 1024" is likely to exhibit the behavior des
> cribed earlier?

Well named advertises a 4096 byte EDNS buffer by default
so it won't be helping.

edns-udp-size needs to match what the firewall lets through.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org