Problems with IPFW causing failed DNS and FTP sessions

[Michael Sierchio]

Okay, what's your DNS setup?  Are you running a recursive cache that
contacts the root servers directly?  Using your ISP's servers?  Etc.

As a mitigation step, I tried pointing my caches to 8.8.8.8 and
8.8.4.4. - but it turns out that Google is intentionally blocking
(returning NX responses to) many netblocks right now because they
contain hosts known to be part of the botnet in the DDOS DNS
amplification attack.

I'm mirroring the root zone everywhere I have a cache, and it's helping.