Index: etc/rc.firewall
===================================================================
--- etc/rc.firewall
+++ etc/rc.firewall
@@ -435,6 +435,10 @@
 	# Allow packets for which a state has been built.
 	${fwcmd} add check-state
 
+	# Reassemble UDP packets. This fixes DNSSEC, important for accessing
+	# e.g. FreeBSD.org services with local_unbound resolver
+	${fwcmd} add reass udp from any to any in
+
 	# For services permitted below.
 	${fwcmd} add pass tcp  from me to any established