* Steven Stromer [2008-08-15]:
> I doubt that this is at all pertinent, but I was experiencing similar
> behavior once I patched a client a few weeks ago and took them off
> port 53. Recursive requests were failing three out of every four
> times they were made, yet digs with trace worked. The company uses a
> crappy Netgear firewall that I can't wait to trash. However, the fix
> ended up coming from turning off tcp and udp flood protection on the
> firewall. In this case the firewall was located between a DMZ area
> and the company LAN, with the recursive nameserver located in the
> DMZ, so the network was probably slightly different...


This is exactly our network setup!

> However, the symptoms sound so familiar that I thought I'd mention
> it. Maybe your Cisco router is interpreting all the randomized UDP
> activity as a flood. Apologies if this is off track with your issue
> - good luck finding a fix!


I'll test this on Monday and report back - thx a lot for the
suggestion.

Hans

PS! I wasn't at work yesterday so I haven't been able to test the
suggestions I got on Thursday. I'll report back here when/if I find a
solution.