Re: SD Blocking DNS TKEY

This article sk31051 titled "Enabling DNS TCP protocol enforcement" mentions a kernel parameter that can be changed to disable this check. It specifically mentions your "DNS data is too long" error message although it pertains to zone transfers. You might want to try its suggested fix. Or maybe there's a way to turn off DNS TCP checks in the GUI?

Since Check Point doesn't make its KB available without an appropriate subscription, I don't think it would be permissible to put the contents of the article here. I'd open a case with Check Point as well.

Take care,
Ray