I'm running into an issue where my 6509 with FWSM installed lets www requests through, but blocks DNS, despite being told to permit both.
Most perversely, it's blocking DNS on my internal networks. I've got the FWSM set up in single context mode, with a 1-port-to-1-vlan relationship for each of the different firewalls, and even the "internal" networks are blocked from each other. So long as either or both of the nameserver netblock and the client netblock must transit the FWSM, all DNS traffic fails. (Things work fine when the nameservers are taken off the FWSM and so is the client network. But then what's the point of having an FWSM if you circumvent it for everything?) Meanwhile, web access works fine in all permutations of different networks being on or off the FWSM.