The default policy on an ASA firewall is to drop DNS UDP datagrams larger than 512 bytes. Have you modified this policy? We had quite some DNS root-servers sending UDP packets of 541 bytes. Is there som general recommendation?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...