I have a fresh installation of Ubuntu 18.04 on Google Compute Engine. I have compiled the latest version of Dnsmasq (2.80) with the following configuration:
no-resolv server=220.127.116.11 conf-file=/usr/share/dnsmasq-base/trust-anchors.conf dnssec port=5353
I then issue the following command:
dig @127.0.0.1 -p 5353 pir.org
After that there's a long pause, and the result comes back with the following line at the top of dig:
;; Truncated, retrying in TCP mode.
dnsmasq log says:
dnsmasq: reducing DNS packet size for nameserver 18.104.22.168 to 1280
If I do the exact same thing on Amazon Web Services, dig returns immediately without resorting to TCP mode.
Any ideas why GCE is behaving differently to AWS please?