Original article here.

For those who can't be arsed reading the article (tl;dr, if you will): the way DNS works on the internet is a-changing, and your old router or firewall may not be able to cope with the change in behaviour. This change isn't likely to affect residential users, as it's likely to be filtered or made transparent by your ISP. But for those of us in corporate-world, DNS is changing.

DNSSEC rollout is nearing completion, and as of tomorrow all root DNS servers will give out digital signatures with every DNS request. For some old devices (or the networks behind them) the immediate effect is that DNS might magically stop, as the reply size will increase from a maximum of 512 bytes to a total of 2k. The reason is that it was originally assumed a reply would never need to go above 512 bytes, so a lot of equipment automatically drops DNS response packets that exceed that size.

Tomorrow may not affect you whatsoever, or it may be the day you realise you and your network are both up shit creek. You have been warned.
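One way to check whether a network path passes DNS replies larger than 512 bytes, as an added example that is not part of the original post. It assumes the standard EDNS0 mechanism (an OPT record advertising a larger UDP buffer, with the DNSSEC OK bit set) and a DNSKEY query for the root zone; the function names are hypothetical and the server address is one you supply.

```python
import socket
import struct
import sys

CLASSIC_UDP_LIMIT = 512  # largest UDP DNS reply that pre-EDNS0 equipment expects

def build_query(name, qtype, udp_size=4096, dnssec_ok=True, txid=0x1234):
    """DNS query carrying an EDNS0 OPT record that advertises udp_size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".") if l) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    ttl = 0x8000 if dnssec_ok else 0  # DO bit sits in the OPT record's TTL field
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, ttl, 0)  # root owner name, TYPE 41 (OPT)
    return header + question + opt

def assess_reply(reply):
    """Classify a UDP reply (bytes, or None on timeout) against the 512-byte limit."""
    if reply is None:
        return "no reply: consistent with a device dropping large DNS responses"
    flags = struct.unpack("!H", reply[2:4])[0]
    if flags & 0x0200:  # TC bit: the server truncated the answer
        return "truncated: resolver must retry over TCP, so TCP/53 has to be allowed"
    if len(reply) > CLASSIC_UDP_LIMIT:
        return "large reply intact: path passes responses over 512 bytes"
    return "small reply: this query did not exercise the limit"

def probe(server, name=".", qtype=48, timeout=3.0):
    """Send a DNSKEY (type 48) query over UDP to a server you supply and assess the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        try:
            return assess_reply(s.recvfrom(4096)[0])
        except socket.timeout:
            return assess_reply(None)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:  # constructed replies: only the header flags and total length matter here
        big = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 1) + b"\x00" * 1288
        cut = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 1) + b"\x00" * 28
        for sample in (big, cut, None):
            print(assess_reply(sample))
```

Run it from a host behind the router or firewall in question, passing the address of the resolver or authoritative server you normally use; a timeout alone does not prove the size limit is the cause, so compare against the same query with `dnssec_ok=False`.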