UPDATE September 2010: Belkin/iiNet have finally released a firmware with a fix for the broken IPv6 lookup / DNS delay issue. See Firmware 126.96.36.199 in support answer id 2498. It's taken a year too long, but they got there in the end, and you don't have to ask for the Super Top Secret firmware from support anymore.
UPDATE2 October 2010: Belkin's firmware update fixed AAAA records, but SRV and TXT records are still broken. Morons. Same thing: TXT and SRV queries just time out. This is less than impressive QA, especially after being informed of the AAAA issue. One would think that Belkin would have a test suite to verify basic DNS support in their products that's run as part of the release process...
Original post continues:
Take DNS lookups. The built-in DNS forwarder doesn't understand AAAA lookups, the IPv6 address record query. This is important even if you don't use IPv6 because most modern browsers and operating systems issue IPv6 queries as well as, or before, IPv4 "A" queries when looking up hosts. They expect the IPv6 query to return promptly or fail promptly.
The BoB simply ignores such queries, causing the client DNS resolver to time out. This causes painfully long delays before the resolver realizes that the upstream DNS is never going to reply, and tries again with a regular "A" record lookup.
(Update 2010-07: there is a beta firmware ETH-WAN_v188.8.131.52 that fixes the AAAA record DNS issue described here, though A6 lookup is still busted. It's only available by calling iiNet support and asking for it, you won't find it on the website.)
I've observed this issue with Mac OS X and with modern Linux. I don't know if it affects Windows Vista and Windows 7 yet, but expect it does, though Windows might be smart enough to disable IPv6 lookup attempts after a few failed tries, figuring (correctly in this case) that the DNS server is a wee bit dim.
I reported this to iiNet months ago for another user, and it never got fixed. So I'm writing here to help people who have incredibly slow, glacial, painful DNS lookups - and thus web browsing, email, games, etc - on their iiNet BoB (Belkin F1PI243EGau) routers.
$ # Lookup via BoB DNS forwarder, the DHCP-issued default:$
$ time dig +short -t AAAA @10.1.1.1 google.com
;; connection timed out; no servers could be reached
$ # lookup via iinet DNS direct for same address immediately
$ # returns no result, just like it should.
$ time dig +short -t AAAA @184.108.40.206 google.com
Oh, it also defaults to sending a very "special" DNS search path over DHCP: "iiNet BoB". Because that's a valid domain name, and there's NO way that'll cause lots of bogus lookups for unqualified names...