> > Would you happen to have any overly-stringent firewall rules that would > block overlong DNS UDP replies or prevent DNS over TCP? This could > especially be an issue if DNSSEC is involved too. > > This was my thought as well; ASAs by default are not very forgiving for EDNS queries,which Windows Server defaults to when it is used as a resolver.
May not be relevant but every time I hear "everything seems to be resolving right except for this one weird edge case" my first thought is EDNS and ASAs being persnickety.
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
