[dns-operations] Strange problem with fragmented DNS responses from b.iana-servers.net

Ray.Bellis at nominet.org.uk
Wed Dec 10 15:38:20 UTC 2008

> Not likely.  There are some stacks which consistently send the
> fragment at the highest offset first.

Nevertheless, there are consumer routers out there whose stateful 
firewalls do _not_ cope with out-of-order UDP fragments.

I've personally seen this on a Zyxel ADSL router.  It may even have been 
the one I'm still using at home.

It wouldn't allow an IPsec session to be established through it because
the IKE (udp/500) message was fragmented.  As I was running the ISP side
of the network at the time I was able to verify that the fragments were 
going to the WAN side of the router in the wrong order, and weren't coming 
out on the LAN side.


