This was resolved in 2023. [1]<p>A workaround prior to this was to have a local instance of dnsmasq or Unbound or any other resolver that can use TCP / EDNS. Some companies do this on all nodes regardless to avoid hammering their edge recursive DNS servers and improve retry methods. <i>And optionally have query logging to a RAM disk for security tools to monitor queries and to block sanctioned TLDs at the source instead of flooding the edge.</i><p>[1] - <a href="https://www.theregister.com/2023/05/16/alpine_linux_318/" rel="nofollow">https://www.theregister.com/2023/05/16/alpine_linux_318/</a>
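<p>An added example, not part of the original comment: a small monitor of the kind a security tool could run over a local resolver's query log, flagging lookups under watched TLDs per client. It assumes dnsmasq's default `log-queries` line shape; the watchlist, log lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Default dnsmasq "log-queries" line shape (assumption; "log-queries=extra"
# adds a serial number and source port, which this pattern does not parse).
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Za-z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

# Constructed watchlist using reserved TLDs; replace with the TLDs your policy covers.
WATCHED_TLDS = {"test", "invalid"}

# Constructed sample log lines (documentation addresses and reserved names only).
SAMPLE_LOG = """\
May 16 09:00:01 dnsmasq[812]: query[A] www.example.org from 127.0.0.1
May 16 09:00:01 dnsmasq[812]: forwarded www.example.org to 192.0.2.53
May 16 09:00:02 dnsmasq[812]: query[AAAA] updates.corp.TEST. from 127.0.0.1
May 16 09:00:03 dnsmasq[812]: query[A] beacon.invalid from 10.0.0.7
May 16 09:00:04 dnsmasq[812]: query[TXT] beacon.invalid from 10.0.0.7
May 16 09:00:05 dnsmasq[812]: reply www.example.org is 198.51.100.10
"""


def tld_of(name):
    """Return the lower-cased last label, ignoring a trailing root dot."""
    name = name.rstrip(".").lower()
    return name.rsplit(".", 1)[-1] if name else ""


def scan(log_text, watched=WATCHED_TLDS):
    """Return (total queries, watched-TLD hits, hit count per client)."""
    total = 0
    hits = []
    per_client = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # skip "forwarded", "reply", "cached" and unrelated lines
        total += 1
        if tld_of(m["name"]) in watched:
            hits.append((m["client"], m["qtype"], m["name"].rstrip(".").lower()))
            per_client[m["client"]] += 1
    return total, hits, per_client


if __name__ == "__main__":
    total, hits, per_client = scan(SAMPLE_LOG)
    print(f"{total} queries, {len(hits)} under watched TLDs")
    for client, count in per_client.most_common():
        print(f"  {client}: {count}")
```

Matching is done on the final label after case folding and root-dot stripping, so `corp.TEST.` and `corp.test` are treated the same.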