When I run the Network analyzer at http://netalyzr.icsi.berkeley.edu/ it reports:
The resolver at could not process the following tested types:
Medium (~1300B) TXT records
Large (~3000B) TXT records
It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports a number of additional properties. Hide them.
Version: Microsoft DNS 6.1.7601 (1DB14556)
I have tried fixing the inability to resolve Medium and Large queries by setting MaximumUdpPacketSize to 4096 and rebooting (DNS Registry Entries). Changing that setting had no affect.
How do I fix both the record size issue and ability to validate DNSSEC while keeping all standard DNS functions working?
Large records (and the ability to respond to them) are handled using DNSSEC, which will allow packets bigger than 4000 to go over TCP. It is NOT enabled by default in 2008R2.
Here is Microsoft's walkthrough on how to enable DNSSEC for 2008R2 and Windows 7.