When using Windows Server 2003 DNS, some DNS queries may fail because the Windows Server 2003 DNS Service uses Extension Mechanisms for DNS, which use UDP packets larger than 512 bytes. Some firewalls do not support this (so far I have seen this on Cisco PIX).
The Extension Mechanisms for DNS can be disabled using DNSCMD from the Windows Support Tools:
dnscmd /config /enableednsprobes 0
More info on Extension Mechanisms for DNS
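To check whether a firewall in the path is the cause before disabling the probes, the following added example (not part of the original post) builds the same query with and without the OPT record that advertises a UDP size above 512 bytes, and reads that size back out of a captured message. The function names, the name example.com and the size 1280 are assumptions chosen for illustration.

```python
import socket
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, edns_size=None, qtype=1, txid=0x1234):
    """DNS query for name; with edns_size set, add an OPT record advertising it."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT: root owner name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def advertised_udp_size(msg):
    """UDP size the sender accepts: OPT class field, or 512 without EDNS."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass
        off += 10 + rdlen
    return 512

def probe(server, name, edns_size=None, timeout=3.0):
    """Send one UDP TXT query; return reply length, or None on timeout (possible drop)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_size, qtype=16), (server, 53))
        try:
            return len(s.recv(65535))
        except socket.timeout:
            return None

if __name__ == "__main__":
    for size in (None, 1280):  # constructed sample queries, no network traffic
        q = build_query("example.com", size)
        print(len(q), advertised_udp_size(q))
```

If probe() gets a reply for a name without edns_size but times out with it set, for a name whose answer is larger than 512 bytes, a device in the path is likely dropping the larger UDP packets.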