I can confirm this problem. 'dig' works because by default it's only asking for A records; but applications on ipv6-enabled clients will ask for both A and AAAA records, and if I query AAAA for this name, the response is too big to fit in a udp packet:
I can confirm this problem. 'dig' works because by default it's only asking for A records; but applications on ipv6-enabled clients will ask for both A and AAAA records, and if I query AAAA for this name, the response is too big to fit in a udp packet:
$ nslookup -q=aaaa pod51041. outlook. com 192.168.15.1
;; Truncated, retrying in TCP mode.
Server: 192.168.15.1
Address: 192.168.15.1#53
Non-authoritative answer: outlook. com has AAAA address 2603:1036:d02::2 outlook. com has AAAA address 2603:1036:d02:6::2 outlook. com has AAAA address 2603:1036:d02:7::2 outlook. com has AAAA address 2a01:111: f400:5201: :2 outlook. com has AAAA address 2a01:111: f400:f370: :2 outlook. com has AAAA address 2603:1036:3:cc::2 outlook. com has AAAA address 2603:1036:3:108::2 outlook. com has AAAA address 2603:1036:4:6f::2 outlook. com has AAAA address 2603:1036:4:71::2 outlook. com has AAAA address 2603:1036:101:3a::2 outlook. com has AAAA address 2603:1036:102:53::2 outlook. com has AAAA address 2603:1036:102:cb::2 outlook. com has AAAA address 2603:1036:405:3b::2 outlook. com has AAAA address 2603:1036:804:1::2 outlook. com has AAAA address 2603:1036:804:a::2 outlook. com has AAAA address 2603:1036:902:a3::2 outlook. com has AAAA address 2603:1036:906:4f::2 outlook. com has AAAA address 2603:1036:d01:1::2
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
pod51041.
Authoritative answers can be found from: ing.com. ing.com. ing.com. ing.com internet address = 157.56.110.11 ing.com internet address = 157.56.116.52 ing.com internet address = 157.55.133.11
outlook.com nameserver = ns2.msft.net.
outlook.com nameserver = ns3.msft.net.
outlook.com nameserver = ns1.msft.net.
outlook.com nameserver = ns2a.o365filter
outlook.com nameserver = ns4.msft.net.
outlook.com nameserver = ns1a.o365filter
outlook.com nameserver = ns4a.o365filter
ns1.msft.net internet address = 208.84.0.53
ns1.msft.net has AAAA address 2620:0:30::53
ns2.msft.net internet address = 208.84.2.53
ns2.msft.net has AAAA address 2620:0:32::53
ns3.msft.net internet address = 193.221.113.53
ns3.msft.net has AAAA address 2620:0:34::53
ns4.msft.net internet address = 208.76.45.53
ns4.msft.net has AAAA address 2620:0:37::53
ns1a.o365filter
ns2a.o365filter
ns4a.o365filter
$
If I try this against systemd-resolved, I see:
$ nslookup -q=aaaa pod51041. outlook. com 53#53(127. 0.0.53) for pod51041. outlook. com failed: connection refused.
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.
;; Connection to 127.0.0.
$
So the problem is that systemd-resolved is not handling tcp requests at all.