systemd-resolved not forwarding shortnames as expected with ‘search’ domain and multiple DNS servers

I am using systemd-resolved on Ubuntu 24 LTS to manage DNS resolution. My goal is to have the following DNS resolution behavior:

  1. Shortnames (hostnames that do not include a domain suffix, e.g., server1, server2) should be resolved by a local dnsmasq server with IP 192.168.2.254.
  2. Fully Qualified Domain Names (FQDNs) ending in .example.lan should also be resolved by the local dnsmasq server.
  3. All other FQDNs should be resolved using the DNS servers configured on the network interface enp1s0 dictated by my VPS provider.

Current Configuration:

  • /etc/systemd/resolved.conf

    [Resolve]
    DNS=192.168.2.254
    Domains=example.lan
    
  • /etc/resolv.conf

    # This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
    # Do not edit.
    nameserver 127.0.0.53
    options edns0 trust-ad
    search example.lan
    
  • resolvectl status output:

    Global
             Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
      resolv.conf mode: stub
           DNS Servers: 192.168.2.254
            DNS Domain: example.lan

    Link 2 (enp1s0)
        Current Scopes: DNS
             Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
           DNS Servers: {{VPS_DNS_IPv4_Server}} {{VPS_DNS_IPv6_Server}}
            DNS Domain: ~.

    Link 3 (enp8s0)
        Current Scopes: DNS
             Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
           DNS Servers: 192.168.2.254
            DNS Domain: example.lan

What Should Happen:

  1. Shortnames should be forwarded and resolved by the dnsmasq server at 192.168.2.254 (reachable over link enp8s0).
  2. FQDNs ending in .example.lan should be forwarded and resolved by the dnsmasq server at 192.168.2.254.
  3. Other FQDNs should be resolved by the DNS server(s) configured on the enp1s0 network link.

What Actually Happens:

  1. (BAD) Shortnames are never forwarded to 192.168.2.254, and in fact are not even forwarded to the DNS server(s) on link enp1s0. I verified this via tcpdump where I see the following “ServFail” output from 127.0.0.53:

    06:53:57.187793 lo    In  IP 127.0.0.1.45390 > 127.0.0.53.53: 46296+ [1au] A? example. (50)
    06:53:57.188045 lo    In  IP 127.0.0.53.53 > 127.0.0.1.45390: 46296 ServFail* 0/0/1 (38)

  2. (GOOD) Queries for FQDNs ending in .example.lan are correctly forwarded and resolved by 192.168.2.254.
  3. (GOOD) All other FQDN queries are forwarded to {{VPS_DNS_IPv4_Server}} (verified by tcpdump).

Observation:
It seems like the search domain setting is not being applied before routing/forwarding decisions are made.

Question:

How can I ensure that shortnames and FQDNs ending in .example.lan are forwarded to 192.168.2.254, while other FQDNs are resolved by the DNS servers on the enp1s0 network link?

Any help or insights would be greatly appreciated!

Note: This question is very similar to my situation but does not consider shortnames.