Windows 2003 Server DNS fails to resolve some queries

When using Windows Server 2003 DNS, some DNS queries may fail because the Windows Server 2003 DNS service uses the Extension Mechanisms for DNS (EDNS0), which use UDP packets larger than 512 bytes. Some firewalls do not support this (so far I have seen this on Cisco PIX).

The Extension Mechanisms for DNS can be disabled using DNSCMD from the Windows Support Tools:

   dnscmd /config /enableednsprobes 0

Q832223: Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS Server to Windows Server 2003

More info on Extension Mechanisms for DNS

Using Extension Mechanisms for DNS (EDNS0)
