Trying to understand why the dnsmasq is registered in /etc/resolv.conf at all, I find that it's listed in /etc/resolvconf/resolv.conf.d/tail. So 192.168.122.1 being listed as a global DNS server is a result of local configuration, which means this problem is at least partly self-inflicted.
If I remove this from /etc/resolvconf/resolv.conf.d/tail and restart systemd-resolved, I no longer see 192.168.122.1 listed at all in systemd-resolve --status. So there is no longer any DNS loop; OTOH, I also no longer get DNS resolution of the names of my VMs. While this works around the original symptom (which is still a bug somewhere, due to the correct handling of A/CNAME/MX but wrong handling of SRV/URI), there also needs to be a proper way to register libvirt's dnsmasq as an auxiliary DNS server for the VMs.
Trying to understand why the dnsmasq is registered in /etc/resolv.conf at all, I find that it's listed in /etc/resolvconf /resolv. conf.d/ tail. So 192.168.122.1 being listed as a global DNS server is a result of local configuration, which means this problem is at least partly self-inflicted.
If I remove this from /etc/resolvconf /resolv. conf.d/ tail and restart systemd-resolved, I no longer see 192.168.122.1 listed at all in systemd-resolve --status. So there is no longer any DNS loop; OTOH, I also no longer get DNS resolution of the names of my VMs. While this works around the original symptom (which is still a bug somewhere, due to the correct handling of A/CNAME/MX but wrong handling of SRV/URI), there also needs to be a proper way to register libvirt's dnsmasq as an auxiliary DNS server for the VMs.