In the general case frags are always bad, and instead of blocking DNS over TCP your firewall should be alerting on them.
In the case of the DNS resolution protocol, UDP frags are double-bad. The protocol (not updated since the 1980s) specifies that TCP retry should only occur if a UDP response is received with TC=1; if the UDP response is dropped, TCP retry never occurs. In the case of a UDP frag, if a portion of the original datagram is dropped, the response is never reassembled, TC=1 is never observed, and TCP retry never occurs.
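The distinction above, as an added example that is not part of the original text: a sensor-side classifier that flags fragmented UDP for alerting and reads the TC bit only from unfragmented DNS responses. The packets are constructed samples, and the function names (`classify`, `fragment_alerts`) are hypothetical.

```python
import struct

QR, TC = 0x8000, 0x0200            # DNS header flag bits (RFC 1035)
MF, OFFSET_MASK = 0x2000, 0x1FFF   # IPv4 "more fragments" flag, fragment offset

def udp(sport, dport, payload):
    # Constructed UDP datagram, checksum left at 0.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def ipv4(l4, mf=False, frag_off=0):
    # Constructed IPv4 header: documentation addresses, checksum left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234,
                       (MF if mf else 0) | frag_off, 64, 17, 0,
                       bytes([192, 0, 2, 53]), bytes([198, 51, 100, 10])) + l4

def dns_response(tc):
    # 12-byte DNS header only: QR=1, TC as requested, one question counted.
    return struct.pack("!HHHHHH", 0xBEEF, QR | (TC if tc else 0), 1, 0, 0, 0)

def classify(pkt):
    """Classify one raw IPv4 packet as seen on the resolver-facing link."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return "not-udp"
    ihl = (pkt[0] & 0x0F) * 4
    (flags_frag,) = struct.unpack_from("!H", pkt, 6)
    if flags_frag & MF or flags_frag & OFFSET_MASK:
        # Any fragment: if a sibling is lost, the client never sees TC=1.
        return "fragment"
    if len(pkt) < ihl + 8 + 12:
        return "not-dns"
    (sport,) = struct.unpack_from("!H", pkt, ihl)
    (dns_flags,) = struct.unpack_from("!H", pkt, ihl + 8 + 2)
    if sport != 53 or not dns_flags & QR:
        return "not-dns"
    # TC=1 is the only signal that makes the client retry over TCP.
    return "truncated" if dns_flags & TC else "complete"

SAMPLES = [  # constructed packets, not captured traffic
    ipv4(udp(53, 40000, dns_response(tc=True))),
    ipv4(udp(53, 40000, dns_response(tc=False))),
    ipv4(udp(53, 40000, dns_response(tc=False) + b"\0" * 1400), mf=True),
    ipv4(b"\0" * 200, frag_off=185),  # trailing fragment, no UDP header
]

def fragment_alerts(packets):
    """Return indexes of packets a firewall should alert on."""
    return [i for i, p in enumerate(packets) if classify(p) == "fragment"]
```

A trailing fragment carries no UDP header, so the port cannot be checked on it without tracking the IP ID of the first fragment; the sketch alerts on every UDP fragment instead.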