Re: BIND DNS problem after upgrading from Wheezy to Squeeze

[Andrew W]

On 27/12/2017 13:18, Bernhard Schmidt wrote:
Current BIND9 defaults to doing DNSSEC verification. DNSSEC needs large
packets. You might have an issue with UDP fragments being dropped at
your firewall/NAT Gateway?


Thanks for this tip. Looking into it I discovered TCP seems to be 
recommened for DNSSEC so Ive enabled TCP port 53  and so far not had a 
problem!