I recently had to re-provision one of our DNS servers in a hurry. I decided to give Azure a go. Largely speaking the VM is delivering the service as intended.
Today I began investigating a DNSSEC issue and have found that, using dnsviz.net to analyse the affected domain, I get an error reported for the Azure server but none of the others.
Server 168.61.xx.yyy is attempting to send a payload that exceeds their path MTU (between 894 and 1680). Some resolvers may not be able to properly receive the DNSKEY RRset with its covering RRSIGs.
I have no idea why this should be the case. Should I be lowering the virtual NIC on the VM to a lower MTU, or is there something in the Azure network I don't understand?