I receive DNS responses > 500 bytes every day (reported by PIX firewall). So
it is an issue, no matter wgat is recomended in RFC.
And you most probable have EDNS clients (nameservers) inside
your firewall making EDNS queries which return EDNS responses
that are bigger than 512 bytes. EDNS has been standards
track for over 5 years now. The majority of the nameservers
in the world talk EDNS between themselves and have been for
several years now. Only a few queries caused the EDNS
response to exceed 512 bytes.
With the introduction of the AAAA records for A.GTLD-SERVERS.NET
and B.GTLD-SERVERS.NET any EDNS referral from the root
servers for COM/NET now exceeds 512 bytes (520 minimum).
A plain DNS referral to COM/NET is 509 bytes so any referal
for an name longer than xx.com is dropping glue records for
the COM/NET servers.
The correct thing to do is to fix your firewall to handle the
EDNS responses.
Mark
RFC 2671: Extension Mechanisms for DNS (EDNS0)