I have read much about DNSSEC in this forum as well as on other DNSSEC-related sites. However, I have a query as to what the role of the "message-length maximum server auto" command is. Please can anybody explain a practical scenario?

Also, I have one example (please refer to the attachment). In this, if a packet is coming from the outside world towards the firewall to a public web server hosted in the DMZ, and consider that the public DNS server is also in the DMZ zone of the firewall and has a public IP address (consider there is no nat-control in the FW), then what command is supposed to be given under "policy-map type inspect dns"? Can we specify the "message-length maximum server auto" command here, or will it still work with the "message-length maximum client auto" command?

I have read that client or server is determined by the firewall by looking at the "QR bit" in the DNS header. If QR = 0 it is a client, otherwise a server. I also want to understand how the firewall will differentiate between a public DNS server hosted at the ISP and one inside (say, the DMZ of) the organization.
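The QR-bit rule mentioned in the post, as an added example that is not part of the original post and not Cisco code: it labels a raw DNS message "client" or "server" from the header alone, with no reference to where the sender sits. It goes one step beyond the post by also reading the UDP payload size advertised in an EDNS0 OPT record (RFC 6891), on the assumption that this is the value the `auto` keyword refers to; the function names and sample messages are constructed for illustration.

```python
import struct

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, name ends here
            return off + 2
        if length == 0:             # root label terminates the name
            return off + 1
        off += 1 + length

def classify(msg):
    """Label a DNS message by its QR bit and report any EDNS0 UDP payload size."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    role = "server" if flags & 0x8000 else "client"  # QR is the top bit of the flags
    off = 12
    for _ in range(qd):             # each question: name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    edns_size = None
    for _ in range(an + ns + ar):   # answer, authority and additional records
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:             # OPT RR: its CLASS field is the sender's UDP size
            edns_size = rclass      # assumption: the value "auto" would pick up
        off += 10 + rdlen
    return {"role": role, "length": len(msg), "edns_udp_size": edns_size}

def _qname(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

# Constructed sample messages (not captured traffic).
QUESTION = _qname("www.example.com") + struct.pack("!HH", 1, 1)
OPT = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)       # advertises 4096 bytes
QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1) + QUESTION + OPT
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
RESPONSE = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER

if __name__ == "__main__":
    for label, message in (("query", QUERY), ("response", RESPONSE)):
        print(label, classify(message))
```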