We enabled RPZ in "LogOnly (Disabled)" mode at:

Mar 11 09:06:17 192.168.0.1 named[10152]: zone malware.rpz.infoblox.local/IN: Transfer started.

Before we enabled RPZ our Recursive Quota stats looked something like this:

Mar 11 09:05:16 192.168.0.1 named[21378]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 245/830/0/0/1000/0
Mar 11 09:06:09 192.168.0.1 named[21378]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 182/830/0/0/1000/0

After RPZ was running for a few minutes our Recursive Quota stats looked like this:

Mar 11 09:11:15 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 1000/1000/0/0/1000/20171
Mar 11 09:16:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 984/1000/0/0/1000/39953
Mar 11 09:21:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 997/1000/0/0/1000/60788
Mar 11 09:26:22 192.168.0.1 named[10152]: Recursion client quota: used/max/soft-limit/s-over/hard-limit/h-over = 1000/1000/0/0/1000/83541

Yes, the 1000 in there means we maxed out the recursive name server and started dropping DNS queries, which are logged like this:

Mar 11 09:17:53 192.168.0.1 named[10152]: client 192.168.55.251#13374 (p52-buy.itunes.apple.com): rpz NSIP rewrite p52-buy.itunes-apple.com.akadns.net via p52-buy.itunes-apple.com.akadns.net unrecognized NS db_find() failed: quota reached

Support has asked us to bump up the max quota from 1000 to 2000 to solve the problem.  Has anyone else run into this issue when enabeling RPZ?