diff --git a/CHANGES b/CHANGES index b2b7d59835..a49353e09b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5584. [bug] Rollback setting IP_DONTFRAG option on the UDP sockets. + [GL #2487] + 5583. [func] Changes to DoH configuration syntax: - When "http" is specified in "listen-on" or "listen-on-v6" statements, "tls" must also now diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 5fe9644665..a4a2babf21 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -121,3 +121,8 @@ Bug Fixes list in ``named.conf``, the wrong size was passed to ``isc_mem_put()``, which resulted in the returned memory being put on the wrong freed list. This has been fixed. [GL #2460] + +- If an outgoing packet would exceed max-udp-size, it would be dropped instead + of sending a proper response back. Rollback setting the IP_DONTFRAG on the + UDP sockets that we enabled during the DNS Flag Day 2020 to fix this issue. + [GL #2487] diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index fb8b1fa701..5ec2ea0707 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -2202,6 +2202,9 @@ isc__nm_closesocket(uv_os_sock_t sock) { #define setsockopt_on(socket, level, name) \ setsockopt(socket, level, name, &(int){ 1 }, sizeof(int)) +#define setsockopt_off(socket, level, name) \ + setsockopt(socket, level, name, &(int){ 1 }, sizeof(int)) + isc_result_t isc__nm_socket_freebind(uv_os_sock_t fd, sa_family_t sa_family) { /* 
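Review bot: The new `setsockopt_off` macro in lib/isc/netmgr/netmgr.c passes `&(int){ 1 }`, the same value as `setsockopt_on`, so it enables the option instead of clearing it. Both `setsockopt_off(fd, IPPROTO_IPV6, IPV6_DONTFRAG)` and `setsockopt_off(fd, IPPROTO_IP, IP_DONTFRAG)` in the later `isc__nm_socket_dontfrag` hunks therefore still set DF on platforms that define those options, and the rollback described in CHANGES has no effect there. The value line should read `setsockopt(socket, level, name, &(int){ 0 }, sizeof(int))`. The body of `isc__nm_socket_freebind`, which follows the macro, continues outside the hunk.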
@@ -2327,14 +2330,22 @@ isc__nm_socket_dontfrag(uv_os_sock_t fd, sa_family_t sa_family) {
 */
 if (sa_family == AF_INET6) {
 #if defined(IPV6_DONTFRAG)
- if (setsockopt_on(fd, IPPROTO_IPV6, IPV6_DONTFRAG) == -1) {
+ if (setsockopt_off(fd, IPPROTO_IPV6, IPV6_DONTFRAG) == -1) {
 return (ISC_R_FAILURE);
 } else {
 return (ISC_R_SUCCESS);
 }
-#elif defined(IPV6_MTU_DISCOVER)
+#elif defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_OMIT)
 if (setsockopt(fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
- &(int){ IP_PMTUDISC_DO }, sizeof(int)) == -1)
+ &(int){ IP_PMTUDISC_OMIT }, sizeof(int)) == -1)
+ {
+ return (ISC_R_FAILURE);
+ } else {
+ return (ISC_R_SUCCESS);
+ }
+#elif defined(IPV6_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ if (setsockopt(fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+ &(int){ IP_PMTUDISC_DONT }, sizeof(int)) == -1)
 {
 return (ISC_R_FAILURE);
 } else {
@@ -2345,14 +2356,22 @@ isc__nm_socket_dontfrag(uv_os_sock_t fd, sa_family_t sa_family) {
 #endif
 } else if (sa_family == AF_INET) {
 #if defined(IP_DONTFRAG)
- if (setsockopt_on(fd, IPPROTO_IP, IP_DONTFRAG) == -1) {
+ if (setsockopt_off(fd, IPPROTO_IP, IP_DONTFRAG) == -1) {
 return (ISC_R_FAILURE);
 } else {
 return (ISC_R_SUCCESS);
 }
-#elif defined(IP_MTU_DISCOVER)
+#elif defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_OMIT)
 if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER,
- &(int){ IP_PMTUDISC_DO }, sizeof(int)) == -1)
+ &(int){ IP_PMTUDISC_OMIT }, sizeof(int)) == -1)
+ {
+ return (ISC_R_FAILURE);
+ } else {
+ return (ISC_R_SUCCESS);
+ }
+#elif defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+ if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER,
+ &(int){ IP_PMTUDISC_DONT }, sizeof(int)) == -1)
 {
 return (ISC_R_FAILURE);
 } else {
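Review bot: In the AF_INET6 branch the two new `#elif` guards test the IPv4 names `IP_PMTUDISC_OMIT` and `IP_PMTUDISC_DONT` and pass those same IPv4 constants to `IPV6_MTU_DISCOVER`. That likely works on Linux, where the IPv6 constants are believed to carry the same values, but the guard does not show that the IPv6 names exist and the mix is easy to misread. I would use the IPv6 names in both guard and value, e.g. `#elif defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_OMIT)` with `&(int){ IPV6_PMTUDISC_OMIT }`, and likewise for `IPV6_PMTUDISC_DONT`. The function starts before this hunk and ends after it.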
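Review bot: After this change `isc__nm_socket_dontfrag` in the AF_INET branch (and the AF_INET6 branch in the previous hunk) is meant to clear DF and turn path-MTU discovery off, which is the opposite of what its name says. The block comment ending at `*/` lies outside the hunk, so I cannot tell whether it was updated. Please make it state the new contract, for example `/* Clear DF / disable PMTU discovery so oversized UDP responses are fragmented rather than dropped. */`. Because fragmented DNS responses are what the Flag Day 2020 setting was meant to avoid, the comment should also say that the configured max-udp-size is now what keeps responses below the path MTU.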