Slow initial DNS query to Samba domain controller

I have two Ubuntu server VMs joined to a Samba domain, served by a single Ubuntu server domain controller. Both “clients” have an almost identical netplan configuration, defining the domain controller as the only nameserver. One of the two is very slow to resolve DNS queries, taking about five seconds for the first resolution. Subsequent queries are not affected by this delay, but if I don’t run any queries for 5 minutes, the next query is slow again. tcpdump reveals that the initial query is repeated several times, then run again after 5 seconds.

For the sake of this example, 10.0.0.3 is the problematic server, 10.0.0.6 is the sane server, 10.0.0.4 is the domain controller.

11:26:21.100726 IP 10.0.0.3.48873 > 10.0.0.4.53: 184+ (1au) A? google.com. (39)
11:26:21.149703 IP 10.0.0.4.53 > 10.0.0.3.48873: 184 1/0/0 A 172.217.22.78 (44)
11:26:21.151056 IP 10.0.0.3.48873 > 10.0.0.4.53: 58641+ (1au) A? google.com. (39)
11:26:21.152342 IP 10.0.0.4.53 > 10.0.0.3.48873: 58641 1/0/0 A 172.217.22.78 (44)
11:26:21.153061 IP 10.0.0.3.48873 > 10.0.0.4.53: 21909+ (1au) A? google.com. (39)
11:26:21.154422 IP 10.0.0.4.53 > 10.0.0.3.48873: 21909 1/0/0 A 172.217.22.78 (44)
11:26:21.154956 IP 10.0.0.3.48873 > 10.0.0.4.53: 51355+ (1au) A? google.com. (39)
11:26:21.156231 IP 10.0.0.4.53 > 10.0.0.3.48873: 51355 1/0/0 A 172.217.22.78 (44)
11:26:21.156610 IP 10.0.0.3.48873 > 10.0.0.4.53: 62445+ (1au) A? google.com. (39)
11:26:21.157708 IP 10.0.0.4.53 > 10.0.0.3.48873: 62445 1/0/0 A 172.217.22.78 (44)
11:26:21.158265 IP 10.0.0.3.48873 > 10.0.0.4.53: 34874+ (1au) A? google.com. (39)
11:26:21.159087 IP 10.0.0.4.53 > 10.0.0.3.48873: 34874 1/0/0 A 172.217.22.78 (44)
11:26:21.159617 IP 10.0.0.3.48873 > 10.0.0.4.53: 22926+ (1au) A? google.com. (39)
11:26:21.160575 IP 10.0.0.4.53 > 10.0.0.3.48873: 22926 1/0/0 A 172.217.22.78 (44)
11:26:21.161204 IP 10.0.0.3.48873 > 10.0.0.4.53: 45141+ (1au) A? google.com. (39)
11:26:21.162012 IP 10.0.0.4.53 > 10.0.0.3.48873: 45141 1/0/0 A 172.217.22.78 (44)
11:26:21.162475 IP 10.0.0.3.48873 > 10.0.0.4.53: 44557+ (1au) A? google.com. (39)
11:26:21.163223 IP 10.0.0.4.53 > 10.0.0.3.48873: 44557 1/0/0 A 172.217.22.78 (44)
11:26:21.163640 IP 10.0.0.3.48873 > 10.0.0.4.53: 2459+ (1au) A? google.com. (39)
11:26:21.164275 IP 10.0.0.4.53 > 10.0.0.3.48873: 2459 1/0/0 A 172.217.22.78 (44)
11:26:21.164698 IP 10.0.0.3.48873 > 10.0.0.4.53: 5235+ (1au) A? google.com. (39)
11:26:21.165455 IP 10.0.0.4.53 > 10.0.0.3.48873: 5235 1/0/0 A 172.217.22.78 (44)
11:26:21.166089 IP 10.0.0.3.48873 > 10.0.0.4.53: 48871+ (1au) A? google.com. (39)
11:26:21.166949 IP 10.0.0.4.53 > 10.0.0.3.48873: 48871 1/0/0 A 172.217.22.78 (44)
11:26:21.167413 IP 10.0.0.3.48873 > 10.0.0.4.53: 62490+ (1au) A? google.com. (39)
11:26:21.168114 IP 10.0.0.4.53 > 10.0.0.3.48873: 62490 1/0/0 A 172.217.22.78 (44)
11:26:21.168500 IP 10.0.0.3.48873 > 10.0.0.4.53: 24725+ (1au) A? google.com. (39)
11:26:21.169077 IP 10.0.0.4.53 > 10.0.0.3.48873: 24725 1/0/0 A 172.217.22.78 (44)
11:26:21.169483 IP 10.0.0.3.48873 > 10.0.0.4.53: 14386+ (1au) A? google.com. (39)
11:26:21.170033 IP 10.0.0.4.53 > 10.0.0.3.48873: 14386 1/0/0 A 172.217.22.78 (44)
11:26:21.170664 IP 10.0.0.3.48873 > 10.0.0.4.53: 6294+ (1au) A? google.com. (39)
11:26:21.171434 IP 10.0.0.4.53 > 10.0.0.3.48873: 6294 1/0/0 A 172.217.22.78 (44)
11:26:21.171915 IP 10.0.0.3.48873 > 10.0.0.4.53: 6275+ (1au) A? google.com. (39)
11:26:21.173034 IP 10.0.0.4.53 > 10.0.0.3.48873: 6275 1/0/0 A 172.217.22.78 (44)
11:26:21.173676 IP 10.0.0.3.48873 > 10.0.0.4.53: 65+ (1au) A? google.com. (39)
11:26:21.174649 IP 10.0.0.4.53 > 10.0.0.3.48873: 65 1/0/0 A 172.217.22.78 (44)
11:26:21.175138 IP 10.0.0.3.48873 > 10.0.0.4.53: 23873+ (1au) A? google.com. (39)
11:26:21.176005 IP 10.0.0.4.53 > 10.0.0.3.48873: 23873 1/0/0 A 172.217.22.78 (44)
11:26:21.176394 IP 10.0.0.3.48873 > 10.0.0.4.53: 2172+ (1au) A? google.com. (39)
11:26:21.177578 IP 10.0.0.4.53 > 10.0.0.3.48873: 2172 1/0/0 A 172.217.22.78 (44)
11:26:21.177933 IP 10.0.0.3.48873 > 10.0.0.4.53: 58226+ (1au) A? google.com. (39)
11:26:21.178680 IP 10.0.0.4.53 > 10.0.0.3.48873: 58226 1/0/0 A 172.217.22.78 (44)
11:26:21.179030 IP 10.0.0.3.48873 > 10.0.0.4.53: 32016+ (1au) A? google.com. (39)
11:26:21.179966 IP 10.0.0.4.53 > 10.0.0.3.48873: 32016 1/0/0 A 172.217.22.78 (44)
11:26:21.180306 IP 10.0.0.3.48873 > 10.0.0.4.53: 29620+ (1au) A? google.com. (39)
11:26:21.180949 IP 10.0.0.4.53 > 10.0.0.3.48873: 29620 1/0/0 A 172.217.22.78 (44)
11:26:21.181223 IP 10.0.0.3.48873 > 10.0.0.4.53: 64969+ (1au) A? google.com. (39)
11:26:21.181966 IP 10.0.0.4.53 > 10.0.0.3.48873: 64969 1/0/0 A 172.217.22.78 (44)
11:26:26.098400 IP 10.0.0.3.36245 > 10.0.0.4.53: 26784+ A? google.com. (28)
11:26:26.100173 IP 10.0.0.4.53 > 10.0.0.3.36245: 26784 1/0/0 A 172.217.22.78 (44)

From the second server (expected behaviour):

11:40:05.850880 IP 10.0.0.6.45835 > 10.0.0.4.53: 11263+ A? google.com. (28)
11:40:05.877850 IP 10.0.0.4.53 > 10.0.0.6.45835: 11263 1/0/0 A 172.217.22.78 (44)

On both servers:

$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search domain.ext

  • The domain controller uses the Internal DNS Back End.
  • Resolving names in external zones (such as google.com) or in zones served by the domain controller (such as server1.domain.ext) does not make any difference.
  • The first query after running netplan apply is always slow on the problematic server.
  • Specifying the nameserver works without delay: dig google.com @10.0.0.4 responds immediately.
  • I couldn’t spot any meaningful differences in the configuration of the two servers.
  • Leaving the domain makes no difference.

What could be the cause of this abnormal behaviour?
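
A way to summarise a capture like the ones above, added here as an example and not part of the original post: it groups tcpdump's DNS lines by client socket and reports how many queries each socket sent, how many were answered, the additional-record counts on each side, and the gap to the previous socket. The function names and the abridged sample are assumptions of this example.

```python
import re

# Lines copied from the trace in the post, abridged to two of the repeated queries.
SAMPLE = """\
11:26:21.100726 IP 10.0.0.3.48873 > 10.0.0.4.53: 184+ (1au) A? google.com. (39)
11:26:21.149703 IP 10.0.0.4.53 > 10.0.0.3.48873: 184 1/0/0 A 172.217.22.78 (44)
11:26:21.151056 IP 10.0.0.3.48873 > 10.0.0.4.53: 58641+ (1au) A? google.com. (39)
11:26:21.152342 IP 10.0.0.4.53 > 10.0.0.3.48873: 58641 1/0/0 A 172.217.22.78 (44)
11:26:26.098400 IP 10.0.0.3.36245 > 10.0.0.4.53: 26784+ A? google.com. (28)
11:26:26.100173 IP 10.0.0.4.53 > 10.0.0.3.36245: 26784 1/0/0 A 172.217.22.78 (44)
"""

# tcpdump prints a query's additional-record count as "[1au]"; the post shows "(1au)", so accept both.
QUERY = re.compile(r"^(\S+) IP (\S+)\.(\d+) > \S+\.53: (\d+)\+? (?:[\[(](\d+)au[\])] )?\w+\? ")
RESPONSE = re.compile(r"^(\S+) IP \S+\.53 > (\S+)\.(\d+): (\d+)\S* \d+/\d+/(\d+) ")

def seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def summarize(trace):
    """Group the trace by client socket and report retries, answers and gaps."""
    sockets = {}  # (client, port) -> stats; dicts keep first-seen order
    for line in trace.splitlines():
        if m := QUERY.match(line):
            ts, client, port, txid, extra = m.groups()
            s = sockets.setdefault((client, port), {
                "client": client, "port": int(port), "start": seconds(ts), "txids": set(),
                "answered": 0, "query_additional": 0, "response_additional": 0})
            s["txids"].add(txid)
            s["query_additional"] = max(s["query_additional"], int(extra or 0))
        elif m := RESPONSE.match(line):
            ts, client, port, txid, extra = m.groups()
            s = sockets.get((client, port))
            if s and txid in s["txids"]:  # response matches a query seen on this socket
                s["answered"] += 1
                s["response_additional"] = max(s["response_additional"], int(extra))
    rows, previous = [], None
    for s in sockets.values():
        rows.append({"client": s["client"], "port": s["port"], "queries": len(s["txids"]),
                     "answered": s["answered"], "query_additional": s["query_additional"],
                     "response_additional": s["response_additional"],
                     "gap_s": None if previous is None else round(s["start"] - previous, 3)})
        previous = s["start"]
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Run over the full trace from 10.0.0.3, this reports one socket with 24 queries, all answered and each carrying one additional record that the responses do not, followed about five seconds later by a second socket whose single query carries none.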