Thank you for the blog. We ran into this issue with one specific record that was above the 512 bytes if queried with dnssec enabled.
For us the workaround was to create a DNS Proxy rule to forward dns queries for that domain to a different dns server. In our case we used open dns server, which do not support dnssec. This is a workaround until we can upgrade to a version that fixes this issue.